Skip to content
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

I'm unable to fetch CNF value in the Token. My Identity Model package version 5.1.0age is #5425

Closed
syedparveez opened this issue Jan 29, 2022 · 4 comments
Closed

I'm unable to fetch CNF value in the Token. My Identity Model package version 5.1.0age is #5425

syedparveez opened this issue Jan 29, 2022 · 4 comments
Labels
wontfix

Comments

@syedparveez
Copy link

syedparveez commented Jan 29, 2022
edited
Loading

I'm testing mTLS with the latest version of IdentityServer4 (straight from the repository). I've configured a client on the test site to use/require mTLS and this works perfectly. (I've verified that I cannot get a token without the client certificate I've configured.)

However, when I look at the JWT token that the server returns, there seems to be a problem with the cnf claim. According to the mTLS specification (RFC8705), the cnf claim should have a property "x5t#S256" that holds the hash of the certificate that was used when the token was requested. However, this is the (unpacked) token I got from IdentityServer4:

{
"alg": "RS256",
"kid": "BD55BCDFD7DC43A6BACD426E6EC1E18AEC3CE375RS256",
"typ": "at+jwt",
"x5t": "vVW839fcQ6a6zUJubsHhiuw843U"
}
{
"nbf": 1586950818,
"exp": 1586951418,
"iss": "https://localhost:44365",
"client_id": "secure_client",
"sub": "88421113",
"auth_time": 1586947791,
"idp": "local",
"jti": "7CC98784B028BC9B707F5359CB21353B",
"sid": "3CD31E0C8B6054ED80EAC2095EBB1335",
"scope": [
"IdentityServerApi",
"offline_access"
],
"amr": [
"pwd"
],
"cnf": {
"x5t#S256": []
}
}

I did refer the below link, But I'm using Identity Model package version 5.1.0 but I still don't receive the CNF value.
#4285

Thanks
@syedparveez
Copy link
Author

@pieterphilippaerts, @leastprivilege

@leastprivilege
Copy link
Member

Important update

This organization is not maintained anymore besides critical security bugfixes (if feasible). This organization will be archived when .NET Core 3.1 end of support is reached (3rd Dec 2022). All new development is happening in the new Duende Software organization.

The new Duende IdentityServer comes with a commercial license but is free for dev/testing/personal projects and companies or individuals making less than 1M USD gross annnual revenue. Please get in touch with us if you have any question.

@stale
Copy link

stale bot commented Apr 16, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

@stale stale bot added the wontfix label Apr 16, 2022
@stale stale bot closed this as completed Apr 25, 2022
@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 10, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@leastprivilege @syedparveez