  1. WSO2 Identity Server
  2. IDENTITY-4738

[OIDC] Exposing the Public Certificate via jwks.json ('jwks_uri')

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Highest
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.3.0-M5
    • Component/s: oauth
    • Labels:
      None
    • Environment:

      OpenID Connect

    • Severity:
      Critical
    • Estimated Complexity:
      Moderate
    • Test cases added:
      Yes

      Description

      IS needs to expose the Public Certificate via jwks.json ('jwks_uri').

      This requirement was identified during the OpenID Connect Conformance Testing, using the test suite provided in link [1].

      As a sample 'jwks_uri', you can refer to the 'Google OAuth2 cert' in [2].

      The current requirement we have is exposing the Public Certificate via jwks.json ('jwks_uri'). We followed the 'jwks_uri' [2] of the 'Google OAuth2 cert' and designed the following jwks.json file to expose the public certificate of our server.

      {
       "keys": [
        {
         "kty": "RSA",
         "alg": "RS256",
         "use": "sig",
         "n": "94A7FA15D6F59CF3F4E4412880BD3A2EB0CCCE3386AC0768A5B6BD902A8CE78B969516EF35F0CA4E2D922BF0B3274F35A5949BEF680E510007696C409BFB8F058DB05ED21B1E51D3791E9C2F9C7FC35BC65C706BE4E7723A3ABABB84B0AFD591EDB8E0A8920873FC04EB8723EAF9092D31F5E7452E07ACA1894F3C5A09C53B39",
         "e": "65537"
        }
       ]
      }
      

      To get the modulus and the exponent values for the Public Key, we have followed post [3].

      After doing all this, when running the test suite, the signature validation fails. What I feel is that the "n" and "e" values we have set are not in the proper encoding/encryption. It seems this is not the format in the Google cert [2].

      [1] http://openid.net/certification/testing/

      [2] https://www.googleapis.com/oauth2/v2/certs

      [3] http://stackoverflow.com/questions/3116907/rsa-get-exponent-and-modulus-given-a-public-key
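
      Added example, not part of the original issue and not WSO2 code: RFC 7518 (section 6.3.1) defines the RSA JWK members "n" and "e" as Base64urlUInt values, that is, the big-endian unsigned bytes of the integer, base64url-encoded without padding. The sketch below converts a hex modulus and decimal exponent into that form and shows how a verifier misreads the hex/decimal form; the function names and the sample modulus are constructed for illustration.

```python
import base64

def b64url_uint(value: int) -> str:
    """Encode a non-negative integer as Base64urlUInt (RFC 7518, section 2)."""
    if value < 0:
        raise ValueError("RSA parameters are non-negative")
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_uint_decode(text: str) -> int:
    """Decode Base64urlUInt the way a JWS verifier reads "n" and "e"."""
    if len(text) % 4 == 1:
        raise ValueError("not valid base64url: %r" % text)
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    return int.from_bytes(raw, "big")

def rsa_jwk(modulus_hex: str, exponent_dec: str) -> dict:
    """Build a signing JWK from a hex modulus and a decimal exponent string."""
    return {
        "kty": "RSA", "alg": "RS256", "use": "sig",
        "n": b64url_uint(int(modulus_hex, 16)),
        "e": b64url_uint(int(exponent_dec, 10)),
    }

def check_jwk(jwk: dict, modulus_hex: str, exponent_dec: str) -> list:
    """Return the reasons a published JWK does not describe the intended key."""
    problems = []
    for name, want in (("n", int(modulus_hex, 16)), ("e", int(exponent_dec, 10))):
        try:
            got = b64url_uint_decode(jwk[name])
        except (ValueError, KeyError) as exc:
            problems.append("%s: %s" % (name, exc))
            continue
        if got != want:
            problems.append("%s: decodes to a %d-bit value, expected %d bits"
                            % (name, got.bit_length(), want.bit_length()))
    return problems

# Constructed sample values (not the key from the issue). The leading 00 mimics
# the sign byte Java's BigInteger.toByteArray() puts in front of a modulus;
# going through an integer drops it, as Base64urlUInt requires.
SAMPLE_N_HEX = "00C5A1B2C3D4E5F60718293A4B5C6D7E8F"
SAMPLE_E_DEC = "65537"

GOOD = rsa_jwk(SAMPLE_N_HEX, SAMPLE_E_DEC)
BAD = dict(GOOD, n=SAMPLE_N_HEX, e=SAMPLE_E_DEC)  # hex "n", decimal "e"
```

      Hex digits are all valid base64url characters, so a hex "n" can decode without error into a different, larger integer, and the mismatch only surfaces as a failed signature check.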


              People

              • Assignee:
                hasanthi@wso2.com Hasanthi Dissanayake
                Reporter:
                pandula@wso2.com Pandula Kariyawasam