fails to create Jose4jEllipticCurveJWK instance #22298

Closed
arunavemulapalli opened this issue Aug 26, 2022 · 2 comments · Fixed by #22802
Labels: release bug (This bug is present in a released version of Open Liberty), team:Security SSO

arunavemulapalli commented Aug 26, 2022

OpenID Connect Client fails to validate JWT due to this error:
CWWKS1737E: The OpenID Connect client [clientid123] failed to validate the JSON Web Token. The cause of the error was: [CWWKS1739E: A signing key required by signature algorithm [ES256] was not available. ] …

The Jose4jEllipticCurveJWK class is not storing the correct object type for the "x5c" parameter. The JWK therefore does not get successfully parsed, and the runtime fails to find the key to verify the JWT signature.

arunavemulapalli added the team:Security SSO and release bug labels on Aug 26, 2022
arunavemulapalli self-assigned this on Aug 26, 2022

arunavemulapalli (Contributor, Author) commented

Fix the programming error
Jose4jEllipticCurveJWK is being populated with the parameters in the JWK. However, the Jose4jEllipticCurveJWK class is storing the String representations of each parameter value in the Map instead of the actual objects themselves. The "x5c" parameter value is meant to be an array of Strings (per https://datatracker.ietf.org/doc/html/rfc7517#section-4.7).
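
The type mismatch described in the comment above, as an added example that is not Open Liberty or jose4j code: the class and method names are hypothetical, and the parameter map (including the `x5c` placeholder value) is constructed to stand in for what a JSON parser produces from a JWK.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class X5cTypeDemo {   // hypothetical name, not an Open Liberty class
    // Bug pattern from the issue: every parameter value is flattened to a String.
    static Map<String, Object> copyStringified(Map<String, Object> parsed) {
        Map<String, Object> out = new LinkedHashMap<>();
        parsed.forEach((name, value) -> out.put(name, String.valueOf(value)));
        return out;
    }

    // Corrected pattern: keep the objects the JSON parser produced.
    static Map<String, Object> copyPreservingTypes(Map<String, Object> parsed) {
        return new LinkedHashMap<>(parsed);
    }

    // Hypothetical consumer: RFC 7517 section 4.7 defines "x5c" as an array of strings.
    static List<String> readX5c(Map<String, Object> params) {
        Object value = params.get("x5c");
        if (!(value instanceof List<?>)) {
            throw new IllegalArgumentException("x5c must be an array, got "
                    + (value == null ? "null" : value.getClass().getSimpleName()));
        }
        List<String> chain = new ArrayList<>();
        for (Object entry : (List<?>) value) {
            if (!(entry instanceof String)) {
                throw new IllegalArgumentException("x5c entries must be strings");
            }
            chain.add((String) entry);
        }
        return chain;
    }

    public static void main(String[] args) {
        // Constructed sample of a parsed EC JWK; the x5c entry is a placeholder, not a real certificate.
        Map<String, Object> parsed = new LinkedHashMap<>();
        parsed.put("kty", "EC");
        parsed.put("crv", "P-256");
        parsed.put("x5c", List.of("Q09OU1RSVUNURUQ="));
        System.out.println("preserved:   " + readX5c(copyPreservingTypes(parsed)));
        try {
            readX5c(copyStringified(parsed));
        } catch (IllegalArgumentException e) {
            System.out.println("stringified: " + e.getMessage());
        }
    }
}
```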


covener commented Oct 20, 2022

FYI, this is in 22.0.0.11 but was not linked to a PR at GM time.

ayoho moved this to Done in Security SSO on May 31, 2024