Hello,

I am configuring Apereo CAS 6.4.6.6 as an OpenID Connect server. Following the CAS documentation, I added the property to the server:

    cas.authn.oidc.jwks.file-system.jwks-file=file:/etc/cas/config/keystore.jwks

Looking at the documentation on how to define a client in this protocol:

https://apereo.github.io/cas/7.2.x/authentication/OIDC-Authentication-Clients.html

This is very similar to CAS 6.4.6.6. It is written:

    jwks -> Optional. Resource path to the keystore location that holds the keys for this application.

Isn't this the keystore.jwks that should sign the ID Token when it is generated for this service?

For example, I have:

    {
      "@class" : "org.apereo.cas.services.OidcRegisteredService",
      "serviceId" : "https:localhost:8443/openid-connect-demo/.*",
      "clientId": "openid_connect",
      "clientSecret": "AAAAAAAAAA",
      "name" : "Cas Server",
      "id" : 10290,
      "evaluationOrder" : 290,
      "bypassApprovalPrompt": true,
      "generateRefreshToken" : true,
      "jsonFormat" : true,
      "supportedGrantTypes" : [ "java.util.HashSet", [ "authorization_code", "password", "client_credentials", "refresh_token" ] ],
      "supportedResponseTypes" : [ "java.util.HashSet", [ "code", "token" ] ],
      ....
      "jwks": "file:/etc/cas/config/localhost/oidc/keystore3.jwks"
    }

When I have the jwks property in this file, CAS automatically adds this new key to the path:

    https://{SERVER_CAS_PATH}/cas/oidc/jwks

But when it has to sign the ID Token, it always uses:

    cas.authn.oidc.jwks.file-system.jwks-file=file:/etc/cas/config/keystore.jwks

Shouldn't I use the signature defined in "jwks"? Am I doing something wrong? Am I missing something else to configure?

Thanks!

Xavier
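
One way to confirm which keystore an issued ID token was signed with, as an added example that is not part of the original post or of CAS itself: it reads the `kid` from the token's JOSE header and looks it up in each JWKS document. The key ids, the sample token and the function names are constructed for illustration, and it assumes the token header carries a `kid`; matching by `kid` identifies the key but does not verify the signature.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # Compact JWTs strip base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jose_header(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    return json.loads(b64url_decode(parts[0]))


def keystores_for_token(token: str, keystores: dict) -> list:
    """Return the names of the JWKS documents that hold the token's kid."""
    kid = jose_header(token).get("kid")
    if kid is None:
        raise ValueError("token header has no kid; cannot match by key id")
    return [name for name, jwks in keystores.items()
            if any(key.get("kid") == kid for key in jwks.get("keys", []))]


# Constructed sample data: the kid values are hypothetical and the key
# material (n, e, ...) is omitted because only the kid is compared.
GLOBAL_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "global-key-1"}]}
SERVICE_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "service-key-1"}]}
KEYSTORES = {"keystore.jwks": GLOBAL_JWKS, "keystore3.jwks": SERVICE_JWKS}


def make_sample_token(kid: str) -> str:
    # Constructed token with a dummy signature; only the header matters here.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": kid}), enc({"sub": "demo"}), "c2ln"])


if __name__ == "__main__":
    token = make_sample_token("global-key-1")
    print(jose_header(token), "->", keystores_for_token(token, KEYSTORES))
```

With real data, load the two dictionaries from the keystore files named in the post using `json.load` and pass in the ID token the client received.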