• praveenpasi posted an update 2 months, 1 week ago


    I have been following your posts regarding testing JWT bearer flows with ForgeRock.
    From your most recent posts I understood that you used tools like https://kjur.github.io/jsrsasign/tool/tool_jwt.html to generate a signed JWT, and that using tools like https://8gwifi.org/jwkconvertfunctions.jsp you could get the JWK that is to be configured under JWK set under Realms > Realm Name > Applications > Agents > Trusted JWT Issuer.
    Currently we have tried the following steps and are getting the error ‘JWT Signature is invalid’:
    1. Generated example.jks file using keystore command
    2. Generated example.cert file using the above example.jks file (RSA algorithm)
    3. Generated JWT token using Nimbus JOSE library (using a Java program)
    4. Using your suggestion, retrieved JWK set from example.cert using https://8gwifi.org/jwkconvertfunctions.jsp
    5. Configured the above retrieved JWK set under Realms > Realm Name > Applications > Agents > Trusted JWT Issuer.
    6. Invoked the below curl command to retrieve an access token from ForgeRock, which gives the ‘JWT Signature is invalid’ error
    curl --request POST --data "client_id=my-client-id" --data "client_secret=password" --data "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer" --data "assertion=eyJ4NXQjUzI1" --data "redirect_uri=http://www.example.com" http://hostname:port/openam/oauth2/access_token

    Since we are getting an error and you are able to test successfully using online tools, we kindly request you to give a few more details on how you could test this flow.

    1. Details/example on how you used https://kjur.github.io/jsrsasign/tool/tool_jwt.html to generate a sample JWT
    2. How you retrieved the .pem file from the above step so that the JWK is retrieved using https://8gwifi.org/jwkconvertfunctions.jsp

    Also please let us know if we are missing any configuration steps.
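
A local check for the situation described in the post above, added here as an example (it is not part of the original post and is not ForgeRock or Nimbus code): it tests whether an RS256-signed JWT verifies against the RSA JWK that would be pasted into the Trusted JWT Issuer configuration, and names the first mismatch. The function names are hypothetical, RS256 is an assumption, the demo keys are constructed and insecure, and claims such as `aud` and `exp` are not checked.

```python
import base64, hashlib, json

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017 9.2

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_em(signing_input, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def check_jwt_against_jwk(jwt, jwk):
    """Return 'ok' or the first reason this JWK cannot verify this RS256 JWT."""
    parts = jwt.split(".")
    if len(parts) != 3:
        return "not a compact JWS: expected 3 dot-separated parts"
    header = json.loads(b64u_dec(parts[0]))
    if header.get("alg") != "RS256":
        return "header alg is %r, this check only handles RS256" % header.get("alg")
    if jwk.get("kty") != "RSA":
        return "JWK kty is not RSA"
    if "kid" in header and "kid" in jwk and header["kid"] != jwk["kid"]:
        return "kid in JWT header does not match kid in JWK"
    n = int.from_bytes(b64u_dec(jwk["n"]), "big")
    e = int.from_bytes(b64u_dec(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = b64u_dec(parts[2])
    if len(sig) != k:
        return "signature is %d bytes but the JWK modulus is %d bytes" % (len(sig), k)
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if em != pkcs1_em((parts[0] + "." + parts[1]).encode("ascii"), k):
        return "signature does not verify with this JWK (different key or altered token)"
    return "ok"

# Constructed, insecure demo keys built from Mersenne primes; never use for real tokens.
def demo_key(p_exp, q_exp, kid):
    p, q, e = 2**p_exp - 1, 2**q_exp - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    to_b = lambda x: x.to_bytes((x.bit_length() + 7) // 8, "big")
    return {"kty": "RSA", "kid": kid, "n": b64u_enc(to_b(n)), "e": b64u_enc(to_b(e))}, (n, d)

def demo_sign(claims, kid, priv):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    msg = ".".join(b64u_enc(json.dumps(x).encode()) for x in ({"alg": "RS256", "kid": kid}, claims))
    m = int.from_bytes(pkcs1_em(msg.encode(), k), "big")
    return msg + "." + b64u_enc(pow(m, d, n).to_bytes(k, "big"))
```

To check a real token, pass the full assertion string and one key object from the JWK set parsed with `json.loads`; a result other than `ok` means the key configured for the issuer is not the one that produced the signature, or the token changed after signing.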


©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
