This topic has 1 reply, 1 voice, and was last updated 4 years, 7 months ago by handat.

  • #20892
     handat
    Participant

    I am using the OPENID CONNECT ID_TOKEN BEARER authentication module to allow authentication using a third party ID token and jwk_url for validation. This is fine if the third party provides their jwk_url and it is accessible. However, there are some who do not provide it and instead just provide their public certificate out of band. Now I would like to either be able to import that certificate and have it appear in the openam jwk_url endpoint so the auth module can use that for validation, or generate the json file with the jwk entry and host locally.
    Is there an easy way to do this that is already available?
    Basically, I want something similar to this: https://mkjwk.org, but instead of generating random keys, read the public key from a PEM or keystore file, and most importantly, use the ForgeRock libraries provided by json-web-token-22.0.0.jar rather than the nimbusds classes. Is there something like this already available, or do I need to write this myself? I want to generate something like this:

    {
      "keys": [
        {
          "kty": "RSA",
          "kid": "WymXCOUKACY8EH9De0E5X4WNmUs=",
          "use": "sig",
          "alg": "RS256",
          "n": "r2FFFyh-BoEDRGy6TzQMXwmb_IYSz-bLsaFNYGcy_H8PQVQxSns6VzY1P1wDLEQsUXHyY1LeMndELiR1bj3xO40rZwvxcCBMdF13i-IfiW0Sy9YKe5HZkLhh8hFR0tmCViq-H2AW0Gk_RIJzRwndsr6QAsBX98oKYC3mwzLD3E_KFX24yMafQRAZfBS_DNWogHpEHHUp_bmHMR2RxGsU27c79VJSOWbDQ0m8vBt5sHw5fDvAlLfWKVcA-mJHpmQ66roij7eBLvX25r5YEjSk-wnxf8x8ugPe4Nj5BrG9LCemz2yWqE-ApZncoV0KU-e_o6ahrgeBRcDzktKnSk7ywQ",
          "e": "AQAB",
          "factors": []
        }
      ]
    }

    #20935
     handat
    Participant

    Answering my own question for anyone who is interested, it turns out that it was easier than I thought.

    Basically, this is all I needed:

    RsaJWK jwk = new RsaJWK((RSAPublicKey)key, KeyUse.SIG, jwsAlgorithm.name(), kid, x5u, x5t, x5c);
    System.out.println(jwk.toJsonString());

    Then stick that into the jwk_uri file under the keys section.

    • This reply was modified 4 years, 7 months ago by handat.
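As an added example (not code from this thread or from ForgeRock), here is a complete Java program that reads the third party's certificate from a PEM file with the JDK's CertificateFactory and builds the jwk_uri document with the same RsaJWK constructor used above. It assumes json-web-token-22.0.0.jar is on the classpath, that its JWKSet class accepts a List<JWK> and exposes toJsonString() like RsaJWK does, and that the issuer's ID token headers carry a kid that you set to the same value so the auth module can select this key.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.Collections;
import java.util.List;

import org.forgerock.json.jose.jwk.JWK;
import org.forgerock.json.jose.jwk.JWKSet;   // assumed: JWKSet(List<JWK>) and toJsonString()
import org.forgerock.json.jose.jwk.KeyUse;
import org.forgerock.json.jose.jwk.RsaJWK;
import org.forgerock.json.jose.jws.JwsAlgorithm;

/** Builds a JWK Set (the jwk_uri document) from an out-of-band X.509 certificate. */
public final class CertToJwkSet {

    public static JWKSet build(X509Certificate cert) throws Exception {
        RSAPublicKey pub = (RSAPublicKey) cert.getPublicKey();
        byte[] der = cert.getEncoded();

        // x5t is defined as the base64url SHA-1 thumbprint of the DER certificate.
        // Reusing that digest as the kid is our own choice; any stable value works,
        // as long as it matches the kid the issuer puts in its ID token headers.
        byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(der);
        String kid = Base64.getEncoder().encodeToString(sha1);
        String x5t = Base64.getUrlEncoder().withoutPadding().encodeToString(sha1);
        // x5c carries the certificate chain as standard base64 DER; one self-contained cert here.
        List<String> x5c = Collections.singletonList(Base64.getEncoder().encodeToString(der));

        // Same constructor shape as in the reply above: (key, use, alg, kid, x5u, x5t, x5c).
        // x5u is null because the certificate was handed over out of band, not hosted at a URL.
        JWK jwk = new RsaJWK(pub, KeyUse.SIG, JwsAlgorithm.RS256.name(), kid, null, x5t, x5c);
        return new JWKSet(Collections.singletonList(jwk));
    }

    public static void main(String[] args) throws Exception {
        // CertificateFactory accepts PEM ("-----BEGIN CERTIFICATE-----") as well as raw DER.
        byte[] pem = Files.readAllBytes(Paths.get(args[0]));   // e.g. third-party.pem
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pem));
        // Print the JWK Set; save this output as the locally hosted jwk_uri document.
        System.out.println(build(cert).toJsonString());
    }
}
```

Check the output against the issuer's token headers before deploying it: the alg must equal the token's alg and the kid must match, otherwise the module will reject every token even though the key material is correct.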