Layer7 API Management

  • 1.  Encode Json Web Token using JWK

    Posted Feb 06, 2018 06:54 AM

    Issue: I am trying to create a JWT using the "Encode Json Web Token" assertion. In this assertion I am passing the JWK or JWKS created by the "Create Json Web Key" assertion, but the assertion is failing with the error below.

    Error in logs: JOSE Error: Error parsing json: Unexpected character (j) at position 0.

    Observation: The JWK created by the "Create Json Web Key" assertion uses the "Recipient Public Key", not the private key, as shown in the screenshot. The output JWK from this assertion doesn't include the parameter "d". It shows that the JWK is created using the public key, not the private one; that's why it's failing.

    Has anybody used this approach?



  • 2.  Re: Encode Json Web Token using JWK
    Best Answer

    Broadcom Employee
    Posted Feb 06, 2018 10:26 AM

    Hi Vivek,

    The JSON Web Key contains only public information, and does not include private key or symmetric key information. As it contains only public information it cannot be used for signing. It can however be used for encrypting the payload.

    Regards,

    Joe



  • 3.  Re: Encode Json Web Token using JWK

    Broadcom Employee
    Posted Feb 06, 2018 10:33 AM

    Attached a sample using encryption.

    Attachment(s): jwk.xml.zip (984 B)


  • 4.  Re: Encode Json Web Token using JWK

    Posted Feb 21, 2018 01:58 PM

    When using JWK for signature jwk_xml is failing:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Body>
    <soapenv:Fault>
    <faultcode>soapenv:Server</faultcode>
    <faultstring>Policy Falsified</faultstring>
    <faultactor>https://ssg05.cibc.com:8443/jwk</faultactor>
    <detail>
    <l7:policyResult xmlns:l7="http://www.layer7tech.com/ws/policy/fault" xmlns:l7p="http://www.layer7tech.com/ws/policy" status="Error in Assertion Processing">
    <l7:assertionResult assertion="l7p:FaultLevel" status="No Error"/>
    <l7:assertionResult assertion="l7p:CreateJsonWebKey" status="No Error"/>
    <l7:assertionResult assertion="l7p:SetVariable" status="No Error"/>
    <l7:assertionResult assertion="l7p:EncodeJsonWebToken" status="Error in Assertion Processing">
    <l7:detailMessage id="10813">Could not find signing key for JWS operation.</l7:detailMessage>
    </l7:assertionResult>
    <l7:assertionResult assertion="l7p:All" status="Error in Assertion Processing"/>
    </l7:policyResult>
    </detail>
    </soapenv:Fault>
    </soapenv:Body>
    </soapenv:Envelope>

    The following changes are made to the policy:
    1. Create JWK is modified to "Signature".
    2. Encode is using "key" for JWS RSASSA-PKCS1-v1_5 signature algorithm, and JWKS, with kid ssl.
    What has to be corrected to sign the message?
    Thanks,
    Zoran


  • 5.  Re: Encode Json Web Token using JWK

    Broadcom Employee
    Posted Feb 22, 2018 08:46 AM

    Hello Zoran,

    Per Joe's response, the JSON Web Key contains only public information, and does not include private key or symmetric key information. As it contains only public information, it cannot be used for signing.
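
Added example (not part of the thread and not Layer7 gateway code): the replies above turn on whether a JWK carries private material, so this Python sketch looks up a key by kid in a JWK or JWKS and reports whether it can sign, using the private members defined in RFC 7518 ("d" for RSA, EC and OKP keys, "k" for oct keys). The function names and the sample keys are assumptions constructed for illustration; only the kid value "ssl" comes from the thread.

```python
import json

# Member that carries the secret for each key type (RFC 7518, section 6).
PRIVATE_MEMBER = {"RSA": "d", "EC": "d", "OKP": "d", "oct": "k"}

# Constructed sample data: shortened placeholder values, not real key material.
PUBLIC_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "ssl", "use": "sig", "n": "c2FtcGxl", "e": "AQAB"}]})
PRIVATE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "ssl", "use": "sig", "n": "c2FtcGxl", "e": "AQAB",
     "d": "c2VjcmV0"}]})


def load_keys(text):
    """Parse a single JWK or a JWKS and return its keys as a list of dicts."""
    try:
        doc = json.loads(text)
    except (TypeError, ValueError) as exc:
        raise ValueError(f"input is not JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise ValueError("a JWK or JWKS must be a JSON object")
    keys = doc["keys"] if "keys" in doc else [doc]
    if not isinstance(keys, list) or not all(isinstance(k, dict) for k in keys):
        raise ValueError("'keys' must be an array of JSON objects")
    return keys


def can_sign(jwk):
    """True only when the key carries its private (or symmetric) member."""
    member = PRIVATE_MEMBER.get(jwk.get("kty"))
    return member is not None and bool(jwk.get(member))


def find_signing_key(text, kid):
    """Return (key, reason); key is None when nothing can sign under kid."""
    try:
        keys = load_keys(text)
    except ValueError as exc:
        return None, str(exc)
    matches = [k for k in keys if k.get("kid") == kid]
    if not matches:
        return None, f"no key with kid {kid!r}"
    for key in matches:
        # A key marked for another use (e.g. "enc") is skipped for signing.
        if key.get("use", "sig") == "sig" and can_sign(key):
            return key, "ok"
    return None, f"kid {kid!r} has no key usable for signing (public only or wrong use)"
```

Running find_signing_key on the public-only set returns no key even though the kid matches, which is the condition a signer has to reject before attempting a JWS operation.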