Hi, I was using the following configuration with CAS 7.0.5.1:

#################
# OIDC / OAuth2 #
#################
cas.authn.token.crypto.enabled=false
cas.authn.token.crypto.encryption-enabled=false 
cas.authn.oauth.session-replication.cookie.crypto.signing.key=H7-MYjp5M2e9hq_DIhOdR73X1cfTaabRFowiLJI0LhC4Cbb4FVNDFV30yJn0i9q68QWS0y3f1OTfJ9nno_Hjuw
cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc
cas.authn.oidc.core.accepted-issuers-pattern=.* 
cas.authn.oauth.crypto.encryption.key=0ZJCKvFSVO6PUKlzUqWzE5eXDerK_T7G1oSfGHfaAGM
cas.authn.oauth.crypto.signing.key=_d6j3pacsAy_V7WP55RB-H0HtwfSawKav6aV8rUPuRPBDqDhAeJXpqjrtZwqTiUPkNOz2jcb5nLqJJ73ygqROw
cas.authn.oauth.access-token.crypto.encryption.key=8wK97XDbYzeDhSzZgfcFWp3SHW_Lr-h69cGtWYZjJz0
cas.authn.oidc.core.user-defined-scopes.memberof=memberof
cas.authn.oidc.discovery.scopes=openid,profile,email,address,phone,memberof
cas.authn.oidc.discovery.claims=sub,name,email,family_name,given_name,memberof
cas.authn.oidc.id-token.include-id-token-claims=true 
cas.authn.oidc.core.claims-map.email=mail
cas.authn.oidc.core.claims-map.memberof=memberOf
cas.authn.oidc.core.claims-map.name=cn
cas.authn.oidc.core.claims-map.family_name=sn
cas.authn.oidc.core.claims-map.given_name=givenName
cas.authn.oidc.core.claims-map.sub=uidNumber 
cas.authn.oidc.jwks.file-system.jwks-file=file:///etc/cas/config/keystore.jwks  

There was no problem authenticating a service like this Gitea instance:

{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "sn", "givenName", "displayName", "mail" ] ]
  },
  "clientId": "gitea01",
  "clientSecret": "862E68E1-3973-40AF-BEB0-5A981C901F37",
  "supportedResponseTypes": [ "java.util.HashSet", [ "code", "id_token" ] ],
  "scopes" : [ "java.util.HashSet", [ "openid", "profile", "email", "memberof" ] ],
  "serviceId" : "https://my_gitea_server/user/oauth2/SSODEV_OIDC/callback(.*)",
  "name" : "gitea01",
  "description" : "GITEA Infra test",
  "evaluationOrder" : 5,
  "allowedToProxy" : false,
  "anonymousAccess" : false,
  "ignoreAttributes" : false,
  "multifactorPolicy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "bypassEnabled": false,
    "forceExecution": false
  },
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true,
    "caseInsensitive" : false
  },
  "id" : 5
}

But with 7.2.3, I cannot get past the login form; it loops on it.

And I have seen this exception in the logs:

2025-06-27 18:27:29,830 WARN [org.apereo.cas.web.support.gen.CookieRetrievingCookieGenerator] - org.apereo.cas.util.crypto.DecryptionException: null
    at org.apereo.cas.util.EncodingUtils.decryptJwtValue(EncodingUtils.java:480) ~[cas-server-core-util-api-7.2.3.jar:7.2.3]
    at org.apereo.cas.util.cipher.BaseStringCipherExecutor.verifyAndDecrypt(BaseStringCipherExecutor.java:283) ~[cas-server-core-util-api-7.2.3.jar:7.2.3]
    at org.apereo.cas.util.cipher.BaseStringCipherExecutor.decode(BaseStringCipherExecutor.java:129) ~[cas-server-core-util-api-7.2.3.jar:7.2.3]
    at org.apereo.cas.util.cipher.BaseStringCipherExecutor.decode(BaseStringCipherExecutor.java:123) ~[cas-server-core-util-api-7.2.3.jar:7.2.3]
    at org.apereo.cas.util.cipher.BaseStringCipherExecutor.decode(BaseStringCipherExecutor.java:37) ~[cas-server-core-util-api-7.2.3.jar:7.2.3]
    at org.apereo.cas.web.support.mgmr.EncryptedCookieValueManager.obtainCookieValue(EncryptedCookieValueManager.java:52) ~[cas-server-core-cookie-api-7.2.3.jar:7.2.3]
    at org.apereo.cas.web.cookie.CookieValueManager.obtainCookieValue(CookieValueManager.java:42) ~[cas-server-core-api-cookie-7.2.3.jar:7.2.3]
    at org.apereo.cas.web.support.gen.CookieRetrievingCookieGenerator.lambda$retrieveCookieValue$0(CookieRetrievingCookieGenerator.java:150) ~[cas-server-core-cookie-api-7.2.3.jar:7.2.3]
    at java.base/java.util.Optional.map(Optional.java:260) ~[?:?]
    at org.apereo.cas.web.support.gen.CookieRetrievingCookieGenerator.retrieveCookieValue(CookieRetrievingCookieGenerator.java:150) ~[cas-server-core-cookie-api-7.2.3.jar:7.2.3]
    at org.apereo.cas.web.flow.login.VerifyRequiredServiceAction.doExecuteInternal(VerifyRequiredServiceAction.java:47) ~[cas-server-support-actions-core-7.2.3.jar

Is there something I need to configure, maybe a parameter with a new default value I had never set before?

Thanks for any help

Regards
