Test OIDC and see if it sends encrypted tokens.

Ray

On Tue, 2024-02-20 at 10:08 +0100, Lanfdetroy wrote:

Hello,

I use Redis instead of Hazelcast. I had forgotten a parameter. But I still have some info in the debug output. I activated OIDC. Did I forget something?
Why is there information that encryption/signing is not enabled for Token/JWT tickets? Is there a link with OIDC? What setting am I missing?

2024-02-20 09:41:28,470 INFO [org.apereo.cas.redis.core.RedisObjectFactory] - <Redis native connection sharing is turned [on]>
2024-02-20 09:41:32,498 DEBUG [org.apereo.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is enabled for [redis]>
2024-02-20 09:41:33,282 DEBUG [org.apereo.cas.authentication.attribute.DefaultAttributeDefinitionStore] - <Loaded [0] attribute definition(s).>
2024-02-20 09:41:33,322 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <No attribute repository sources are available/defined to merge together.>
2024-02-20 09:41:33,425 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Attribute repository sources are not available for person-directory principal resolution>
2024-02-20 09:41:34,175 DEBUG [org.apereo.cas.oidc.jwks.generator.OidcDefaultJsonWebKeystoreGeneratorService] - <Given resource [file:///etc/cas/config/keystore.jwks] cannot be parsed as a raw JSON web keystore>
2024-02-20 09:41:34,178 INFO [org.apereo.cas.util.io.PathWatcherService] - <Watching directory path at [/etc/cas/config]>
2024-02-20 09:41:34,319 DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtAccessTokenCipherExecutor] will only attempt to produce signed objects>
2024-02-20 09:41:34,325 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtAccessTokenCipherExecutor] will attempt to produce plain objects>

On 14/02/2024 at 17:36, Ray Bon wrote:

Those are not errors.

CoreTicketUtils
Either your registry does not support encryption or you have not provided the properties. This is what my log line looks like:

cas | 2024-02-14 16:16:53,778 DEBUG [ org.aper.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is enabled for [hazelcast]> [main]

BaseStringCipherExecutor
I also see this message even when I do not enable tokens, OIDC, or OAuth2. It may be an internal system.
If you are using any of those systems (or anything that has encryption / signing options), make sure you set the e / s properties.

Ray

On Wed, 2024-02-14 at 05:44 -0800, lanf detroy wrote:

Hello,

I have a problem when starting CAS (v7.0.1). Can you tell me what I need to add or correct?

INFO [org.apereo.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to handle encryption, signing and verification of ticket registry tickets, and verify the chosen ticket registry does support this behavior.>
INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtAccessTokenCipherExecutor] will attempt to produce plain objects>

Thank you
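
For readers auditing a CAS startup log for the messages quoted in this thread, here is an added example (not part of the original messages and not CAS project code). It parses the log-line layout shown above and reports, per component, which protections the log says are off; the function names are hypothetical and the sample lines are copied from the thread.

```python
import re
from collections import defaultdict

# Layout of the CAS lines quoted in the thread: [timestamp] LEVEL [logger] - <message>
LINE_RE = re.compile(
    r"(?:(?P<ts>\d{4}-\d{2}-\d{2} [\d:,]+) )?(?P<level>[A-Z]+) "
    r"\[\s*(?P<logger>[^\]]+)\] - <(?P<msg>.*)>")
# Message shapes that appear in the thread.
CIPHER_OFF_RE = re.compile(
    r"(Encryption|Signing) is not enabled for \[([^\]]+)\]\. The cipher \[([^\]]+)\]")
REGISTRY_ON_RE = re.compile(r"Ticket registry encryption/signing is enabled for \[([^\]]+)\]")
REGISTRY_OFF = "Ticket registry encryption/signing is turned off"

def audit_cas_log(lines):
    """Map each component named in the log to the protections reported as off."""
    off = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a CAS log line in the expected layout
        msg = m.group("msg")
        if (c := CIPHER_OFF_RE.search(msg)):
            # Key on "<ticket kind> / <cipher class>", e.g. Token/JWT Tickets
            off[f"{c.group(2)} / {c.group(3)}"].add(c.group(1).lower())
        elif REGISTRY_OFF in msg:
            off["ticket registry"].update({"encryption", "signing"})
        elif (r := REGISTRY_ON_RE.search(msg)):
            # Record the registry with nothing off, so it shows up in the report
            off.setdefault(f"ticket registry [{r.group(1)}]", set())
    return {name: sorted(flags) for name, flags in off.items()}

def unprotected(report):
    """Components for which the log reports both encryption and signing as off."""
    return sorted(n for n, flags in report.items() if flags == ["encryption", "signing"])

# Sample input: lines copied from the 2024-02-20 message in this thread.
SAMPLE = [
    "2024-02-20 09:41:32,498 DEBUG [org.apereo.cas.util.CoreTicketUtils] - "
    "<Ticket registry encryption/signing is enabled for [redis]>",
    "2024-02-20 09:41:34,319 DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - "
    "<Encryption is not enabled for [Token/JWT Tickets]. The cipher "
    "[OidcRegisteredServiceJwtAccessTokenCipherExecutor] will only attempt to produce signed objects>",
    "2024-02-20 09:41:34,325 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - "
    "<Signing is not enabled for [Token/JWT Tickets]. The cipher "
    "[OidcRegisteredServiceJwtAccessTokenCipherExecutor] will attempt to produce plain objects>",
]

if __name__ == "__main__":
    for name, flags in audit_cas_log(SAMPLE).items():
        print(f"{name}: off = {flags or 'none'}")
```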