jwt verification key incorrect information #132
Comments
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/130138453 The labels on this GitHub issue will be updated when the story is started.
There was a typo in statement "ssh-keygen -f jwt-key.pem does create a pub key which includes the begin and end lines" It should be does not. Thanks
+1 this area needs better doc, esp given the changes to these parameters in v242. I spent two days trying to migrate to the new properties (uaa.jwt.policy.keys) before giving up and staying on the deprecated ones.
@jbheron, "openssl rsa -in jwt-key.pem -pubout > key.pub" does not create the private key, it only outputs public key with the BEGIN and END lines. We would still need to use a mechanism to create the private key. A quick recommendation for the jwt process:
Please test this out and update the document. Thanks.
The documentation for editing the cf-stub.yml - jwt section does not tell us what to do properly. We could not use the generated pub file.
Used the following to cat the output file:
openssl rsa -in jwt-key.pem -pubout > key.pub
ssh-keygen -f jwt-key.pem does not create a pub key which includes the begin and end lines.
jwt:
  verification_key: JWT_VERIFICATION_KEY
  signing_key: JWT_SIGNING_KEY
Instead of just stating where each key is used, the begin and end lines should be inserted so that admins know what to look for after generating these keys. For example,
verification_key: JWT_VERIFICATION_KEY
-----BEGIN PUBLIC KEY-----
PUBLIC_KEY
-----END PUBLIC KEY-----
signing_key: JWT_SIGNING_KEY
-----BEGIN RSA PRIVATE KEY-----
RSA_PRIVATE_KEY
-----END RSA PRIVATE KEY-----
Without proper information my team spent close to two months trying to figure out the resolution for:
API endpoint: https://api.cftest.test.local (API version: 2.58.0)
User: admin
No org or space targeted, use 'cf target -o ORG -s SPACE'
FAILED
Error finding available orgs
Server error, status code: 500, error code: 0, message:
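One way to check the keys before pasting them into the jwt section, as an added example that is not from this issue thread or the project's documentation: it confirms both files carry their BEGIN and END lines, confirms the public key belongs to the private key, and prints the stanza. The function names, the use of `openssl genrsa` with 2048 bits for the private key, and the YAML block-scalar layout are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the issue thread). Assumptions: openssl is on PATH,
# a 2048-bit key, and a manifest that takes PEM text as YAML block scalars.

# Succeed only if the file's first and last lines are PEM BEGIN/END markers.
has_pem_markers() {   # usage: has_pem_markers FILE 'LABEL-REGEX'
  head -n 1 "$1" | grep -Eq "^-----BEGIN $2-----\$" &&
  tail -n 1 "$1" | grep -Eq "^-----END $2-----\$"
}

# Succeed only if PUB is the public half of PRIV.
keys_match() {        # usage: keys_match PRIV PUB
  [ "$(openssl rsa -in "$1" -pubout 2>/dev/null)" = "$(cat "$2")" ]
}

# Print the jwt stanza with both PEM files indented under block scalars.
render_jwt_stanza() { # usage: render_jwt_stanza PRIV PUB
  has_pem_markers "$2" 'PUBLIC KEY' ||
    { echo "no BEGIN/END lines in $2" >&2; return 1; }
  # OpenSSL 3 writes "PRIVATE KEY" (PKCS#8); older releases "RSA PRIVATE KEY".
  has_pem_markers "$1" '(RSA )?PRIVATE KEY' ||
    { echo "no BEGIN/END lines in $1" >&2; return 1; }
  keys_match "$1" "$2" ||
    { echo "$2 is not the public key of $1" >&2; return 1; }
  echo "jwt:"
  echo "  verification_key: |"
  sed 's/^/    /' "$2"
  echo "  signing_key: |"
  sed 's/^/    /' "$1"
}

# Create the key pair in DIR; the second command is the one quoted in the issue.
make_jwt_keys() {     # usage: make_jwt_keys DIR
  openssl genrsa -out "$1/jwt-key.pem" 2048 2>/dev/null &&
  openssl rsa -in "$1/jwt-key.pem" -pubout > "$1/key.pub" 2>/dev/null
}

# Example run:
#   d=$(mktemp -d) && make_jwt_keys "$d" &&
#     render_jwt_stanza "$d/jwt-key.pem" "$d/key.pub"
```
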