Hi Ray, Thanks for the response.
I initially found the Issue I have described and provided the messages for when I was running v6.3.7.4. it was not related to that version but it was at that point I was trying for the first time to encrypt properties. I reached out to Unicon (in March 2022) with whom my organization contracts with for open source support. I was looking for help to encrypt properties and I was trying to follow the guidance I could find in the CAS documentation. After beginning the conversation much the way you have by identifying the properties as they are documented, we finally got beyond the point were we just refer to the documentation or the code references and through testing re-affirmed the failure I am describing. I was told that it will be fixed in a future version an answer that satisfied my need as I could continue to leverage the camelCase as described in the quasi official CAS how-too blog <https://fawnoos.com/2019/05/08/cas61x-jasypt-encryption/> . Today, in v6.5.9 It still works with camelCase. I'm trying to surface the issue now because with the move to v6.5.9 during my review the error message appeared at startup. -- You cannot use the property as documented <https://apereo.github.io/cas/6.5.x/configuration/Configuration-Properties-Security.html#standalone> or referred to in the Class you sent. It just does not work when placed in the a commandLineArgs collection*.* If I use: *--cas.standalone.configuration-security.iterations=999* -*-cas.standalone.configurationSecurity.iterations=999* 2022-09-07 14:39:35,708 DEBUG [org.apereo.cas.util.crypto.CipherExecutor] - <Configured Jasypt algorithm [PBEWithMD5AndTripleDES]> 2022-09-07 14:39:35,710 DEBUG [org.apereo.cas.util.crypto.CipherExecutor] - <Configured Jasypt password> 2022-09-07 14:39:35,710 DEBUG [org.apereo.cas.util.crypto.CipherExecutor] - <Configured Jasypt provider> 2022-09-07 14:39:35,717 DEBUG [org.apereo.cas.util.crypto.CipherExecutor] - <Configured Jasypt iterations> ........ 2022-09-07 14:39:38,243 TRACE [org.apereo.cas.util.crypto.CipherExecutor] - <Attempting to decode key [cas.authn.ldap[0].bindCredential]> 2022-09-07 14:39:38,243 TRACE [org.apereo.cas.util.crypto.CipherExecutor] - <Initializing Jasypt...> 2022-09-07 14:39:38,303 TRACE [org.apereo.cas.util.crypto.CipherExecutor] - <Decrypting value [wLG8ti97SbbrP04JdOR4vW08qBOEd1c5yB9n4eMMNeNGQCVzoogUGA==]...> 2022-09-07 14:39:38,319 DEBUG [org.apereo.cas.util.crypto.CipherExecutor] - <Decrypted value [wLG8ti97SbbrP04JdOR4vW08qBOEd1c5yB9n4eMMNeNGQCVzoogUGA==] successfully.> When I use what is documented: *--cas.standalone.configuration-security.iteration=999* 2022-09-07 14:32:13,852 DEBUG [org.apereo.cas.util.crypto.CipherExecutor] - <Configured Jasypt algorithm [PBEWithMD5AndTripleDES]> 2022-09-07 14:32:13,853 DEBUG [org.apereo.cas.util.crypto.CipherExecutor] - <Configured Jasypt password> 2022-09-07 14:32:13,853 DEBUG [org.apereo.cas.util.crypto.CipherExecutor] - <Configured Jasypt provider> NO ITERATOR Picked up ....... 2022-09-07 14:32:16,279 TRACE [org.apereo.cas.util.crypto.CipherExecutor] - <Attempting to decode key [cas.authn.ldap[0].bindCredential]> 2022-09-07 14:32:16,279 TRACE [org.apereo.cas.util.crypto.CipherExecutor] - <Initializing Jasypt...> 2022-09-07 14:32:16,363 TRACE [org.apereo.cas.util.crypto.CipherExecutor] - <Decrypting value [wLG8ti97SbbrP04JdOR4vW08qBOEd1c5yB9n4eMMNeNGQCVzoogUGA==]...> 2022-09-07 14:32:16,416 ERROR [org.apereo.cas.util.crypto.CipherExecutor] - <*Could not decrypt value* [{cas-cipher}wLG8ti97SbbrP04JdOR4vW08qBOEd1c5yB9n4eMMNeNGQCVzoogUGA==]> *-------------------------------------------------------* If the fact is: The documentation and class say: *iteration* but the command line uses *iterations* and that is intentional, it is confusing. If this is good grammar and the tech document requires you to know the difference to make a jump from the literally represented value to the contextual place to use one vs the other. Man it would be great if that was explained in the documentation. I've always been able to just use the property as documented. On Tuesday, September 6, 2022 at 3:58:40 PM UTC-5 Ray Bon wrote: > Andrew, > > The current property is 'iteration'; > https://github.com/apereo/cas/blob/6.5.x/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/core/config/standalone/StandaloneConfigurationSecurityProperties.java > > 'iterations' "worked" because the real default was used; since 'Failed to > bind properties' message was printed. > Maybe setting debug/trace logging for org.apereo.cas.util will provide > some more insight. > > Ray > > On Tue, 2022-09-06 at 11:40 -0700, Andrew Marker wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > In my CAS instance: > These are working with error message: > ** cas.standalone.configuration-security.iterations* > ** cas.standalone.configurationsecurity.iterations* > > > This is what is documented and it fails: > > ** **cas.standalone.configuration-security.iteration* > > On Tuesday, September 6, 2022 at 1:34:03 PM UTC-5 Andrew Marker wrote: > > *The warning message about the property seems to be incorrect, and using > the documented property seems to lead to failure.* > > Today, I was testing a move from v6.5.7 to v6.5.9 and I saw a warning that > I did not see in the previous version at runtime. I'm not having a > functional problem, but there seems to be a disconnect between the code and > the documentation. > > When I start CAS, I am seeing the following ERROR. > > Failed to bind properties under 'cas' to > org.apereo.cas.configuration.CasConfigurationProperties > > *cas.standalone.configurationsecurity.iterations *= 999 (Origin: > "cas.standalone.configurationSecurity.iterations" from property source > "commandLineArgs") > > ---------------------------- > > The documented property is: > > *cas.standalone.configuration-security.iteration*=999 > > 2022-09-06 12:58:30,001 ERROR [org.apereo.cas.util.crypto.CipherExecutor] > - <Could not decrypt value [{cas-cipher}someawesometext] > > *> It appears the documented property does not work* > > *----------------------* > > *To try to understand the scope I tried the following:* > > 2022-09-06 13:13:22,629 ERROR > [org.apereo.cas.configuration.CasConfigurationPropertiesValidator] - < > > Failed to bind properties under 'cas' to > org.apereo.cas.configuration.CasConfigurationProperties > > *cas.standalone.configuration-security.iterations* = 999 > > This however seemed still to function. > > *----------------------* > > In the event my original was incorrect and being ignored giving way to the > default, I tried what is posted. > > *cas.standalone.configuration-security.iteration=0* > > This too led to a fail to decrypt message. > > *----------------------* > > Using the old naming convention, I pass > > > - iterations > - password > - provider (SunJCE). > > I've never needed to pass: > > > - Algorithm > - Initialization vector > > Is there some additional requirement necessary to move to the new property > names? > > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca > > I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional > territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ > peoples whose historical relationships with the land continue to this day. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6510b2dd-97b5-4e42-a424-95bb5797e5een%40apereo.org.
