February 14, 2018 at 11:21 am #20892 handat (Participant)
I am using the OPENID CONNECT ID_TOKEN BEARER authentication module to allow authentication using a third party ID token and jwk_url for validation. This is fine if the third party provides their jwk_url and it is accessible. However, there are some who do not provide it and instead just provide their public certificate out of band. Now I would like to either be able to import that certificate and have it appear in the openam jwk_url endpoint so the auth module can use that for validation, or generate the json file with the jwk entry and host locally.
Is there an easy way to do this that is already available?
Basically, I want something similar to this: https://mkjwk.org, but instead of generating random keys, read the public key from a PEM or keystore file, and most importantly, use the ForgeRock libraries provided by json-web-token-22.0.0.jar rather than the nimbusds classes. Is there something like this already available, or do I need to write this myself? I want to generate something like this:
February 16, 2018 at 7:51 am #20935 handat (Participant)
Answering my own question for anyone who is interested, it turns out that it was easier than I thought.
Basically, this is all I needed:
RsaJWK jwk = new RsaJWK((RSAPublicKey)key, KeyUse.SIG, jwsAlgorithm.name(), kid, x5u, x5t, x5c);
// key: the RSAPublicKey read from the PEM/keystore; kid: the key id the provider puts in its token headers; x5u/x5t/x5c: optional certificate fields, may be null
Then stick that into the jwk_uri file under the keys section.
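Putting the answer above together end to end, as an added example that is not from the thread or from ForgeRock: read the provider's out-of-band X.509 certificate, build the RsaJWK exactly as in the answer, wrap it in a key set and print the JSON to host as the local jwk_uri. It assumes the RsaJWK constructor quoted above, a JWKSet(List<JWK>) constructor and JWKSet.toJsonString() exist in the json-web-token version on the classpath, and that the ID tokens are RS256-signed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.Collections;
import java.util.List;

import org.forgerock.json.jose.jwk.JWK;
import org.forgerock.json.jose.jwk.JWKSet;
import org.forgerock.json.jose.jwk.KeyUse;
import org.forgerock.json.jose.jwk.RsaJWK;
import org.forgerock.json.jose.jws.JwsAlgorithm;

// Added example, not ForgeRock code: assumes the RsaJWK/JWKSet constructors named in the lead-in.
public class CertToJwkSet {

    /** Builds a signing JWK for the RSA public key carried in an X.509 certificate. */
    static RsaJWK fromCertificate(X509Certificate cert, String kid) throws Exception {
        if (!(cert.getPublicKey() instanceof RSAPublicKey)) {
            throw new IllegalArgumentException("certificate does not carry an RSA public key");
        }
        byte[] der = cert.getEncoded();
        // x5t is the base64url SHA-1 thumbprint of the DER certificate (RFC 7517 section 4.8)
        String x5t = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(MessageDigest.getInstance("SHA-1").digest(der));
        // x5c carries the DER certificate in standard (not url-safe) base64 (RFC 7517 section 4.7)
        List<String> x5c = Collections.singletonList(Base64.getEncoder().encodeToString(der));
        // x5u stays null: the provider hosts nothing we could point at, which is why we build this
        return new RsaJWK((RSAPublicKey) cert.getPublicKey(), KeyUse.SIG,
                JwsAlgorithm.RS256.name(), kid, null, x5t, x5c);
    }

    public static void main(String[] args) throws Exception {
        // args[0]: PEM certificate supplied out of band; args[1]: the kid the provider puts in
        // its ID token headers. The kid must match exactly or the auth module cannot pick this key.
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            cert.checkValidity(); // refuse to publish an expired or not-yet-valid certificate
            JWKSet set = new JWKSet(Collections.<JWK>singletonList(fromCertificate(cert, args[1])));
            System.out.println(set.toJsonString()); // serve this document as the local jwk_uri
        }
    }
}
```

Re-run it whenever the provider rotates its certificate; the auth module only trusts what the hosted key set contains.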