You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.
I'm testing mTLS with the latest version of IdentityServer4 (straight from the repository). I've configured a client on the test site to use/require mTLS and this works perfectly. (I've verified that I cannot get a token without the client certificate I've configured.)
However, when I look at the JWT token that the server returns, there seems to be a problem with the cnf claim. According to the mTLS specification (RFC8705), the cnf claim should have a property "x5t#S256" that holds the hash of the certificate that was used when the token was requested. However, this is the (unpacked) token I got from IdentityServer4:
This organization is not maintained anymore besides critical security bugfixes (if feasible). This organization will be archived when .NET Core 3.1 end of support is reached (3rd Dec 2022). All new development is happening in the new Duende Software organization.
The new Duende IdentityServer comes with a commercial license but is free for dev/testing/personal projects and companies or individuals making less than 1M USD gross annnual revenue. Please get in touch with us if you have any question.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.
I'm testing mTLS with the latest version of IdentityServer4 (straight from the repository). I've configured a client on the test site to use/require mTLS and this works perfectly. (I've verified that I cannot get a token without the client certificate I've configured.)
However, when I look at the JWT token that the server returns, there seems to be a problem with the cnf claim. According to the mTLS specification (RFC8705), the cnf claim should have a property "x5t#S256" that holds the hash of the certificate that was used when the token was requested. However, this is the (unpacked) token I got from IdentityServer4:
{
"alg": "RS256",
"kid": "BD55BCDFD7DC43A6BACD426E6EC1E18AEC3CE375RS256",
"typ": "at+jwt",
"x5t": "vVW839fcQ6a6zUJubsHhiuw843U"
}
{
"nbf": 1586950818,
"exp": 1586951418,
"iss": "https://localhost:44365",
"client_id": "secure_client",
"sub": "88421113",
"auth_time": 1586947791,
"idp": "local",
"jti": "7CC98784B028BC9B707F5359CB21353B",
"sid": "3CD31E0C8B6054ED80EAC2095EBB1335",
"scope": [
"IdentityServerApi",
"offline_access"
],
"amr": [
"pwd"
],
"cnf": {
"x5t#S256": []
}
}
I did refer the below link, But I'm using Identity Model package version 5.1.0 but I still don't receive the CNF value.
#4285
Thanks
The text was updated successfully, but these errors were encountered: