We'd like to know how to make CA SiteMinder use the ECDSA algorithm to
sign JWT tokens, as the CA API Gateway only uses the ECDSA algorithm
for signatures. Is it possible?
Release: 12.8
Component: SITEMINDER - POLICY SERVER
At first glance, in our latest version, SiteMinder 12.8, ECDSA
is not implemented for cookie and token encryption:
Encryption and Decryption Algorithms
https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/partnership-federation/encryption-and-decryption-algorithms
and the JWT signature algorithm should be one of these:
JWTs can accept the following RSA-based algorithms for certificate
validation:
RS256 - RSA signature with SHA-256
RS384 - RSA signature with SHA-384
RS512 - RSA signature with SHA-512
Configure JWT Authentication Scheme
https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/policy-server-configuration/authentication-schemes/json-web-token-jwt-authentication-scheme
And our Product Roadmap makes no mention of such an implementation:
CA Single Sign-On Certification Backlog
https://casupport.broadcom.com/phpdocs/7/5262/5262_PlatformSupportRoadmap.pdf
Further, as a prerequisite for JWT, you should ensure that the JWT is
RSA-based:
Ensure that the JWT authentication scheme imports the User Public
Certificate into the Policy Server Certificate Database (CDS) to
validate a JWT successfully for RSA-based algorithms.
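The following is an added example, not SiteMinder or CA API Gateway code, showing what the two constraints above amount to on the verifying side: the JWT header's alg must be one of the RSA-based values RS256/RS384/RS512, and the signature must verify under the public key of the imported user certificate. The helper names (SignRS, VerifyRS, Demo), the sample claims and the issuer value "gateway-example" are this example's own assumptions; it uses only the Go standard library.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // registers SHA-256 for crypto.Hash.New
	_ "crypto/sha512" // registers SHA-384 and SHA-512
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// The RSA-based algorithms the documentation lists; anything else (ES256, HS256, none) is refused.
var allowedAlgs = map[string]crypto.Hash{"RS256": crypto.SHA256, "RS384": crypto.SHA384, "RS512": crypto.SHA512}

var enc = base64.RawURLEncoding

func digest(h crypto.Hash, data string) []byte {
	hh := h.New()
	hh.Write([]byte(data))
	return hh.Sum(nil)
}

// SignRS issues a compact JWT signed with RSASSA-PKCS1-v1_5 (RS256/RS384/RS512).
func SignRS(alg string, priv *rsa.PrivateKey, claims map[string]interface{}) (string, error) {
	h, ok := allowedAlgs[alg]
	if !ok {
		return "", fmt.Errorf("unsupported alg %q", alg)
	}
	hdr, _ := json.Marshal(map[string]string{"alg": alg, "typ": "JWT"})
	pl, _ := json.Marshal(claims)
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(pl)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, h, digest(h, input))
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// VerifyRS refuses any alg outside the RSA allowlist before touching the signature, then verifies against pub.
func VerifyRS(token string, pub *rsa.PublicKey) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	raw := make([][]byte, 3) // decoded header, payload, signature
	for i, p := range parts {
		b, err := enc.DecodeString(p)
		if err != nil {
			return nil, fmt.Errorf("part %d: %w", i, err)
		}
		raw[i] = b
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(raw[0], &hdr); err != nil {
		return nil, err
	}
	h, ok := allowedAlgs[hdr.Alg]
	if !ok {
		return nil, fmt.Errorf("alg %q not permitted: RSA-based algorithms only", hdr.Alg)
	}
	// The signing input is the base64url header and payload exactly as received.
	if err := rsa.VerifyPKCS1v15(pub, h, digest(h, parts[0]+"."+parts[1]), raw[2]); err != nil {
		return nil, errors.New("signature verification failed")
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw[1], &claims); err != nil {
		return nil, err
	}
	return claims, nil
}

// Demo: a valid RS256 token is accepted, an ES256-labelled token is refused by the allowlist, and a payload altered after signing fails verification.
func Demo() (rsOK, esRejected, tamperRejected bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the user certificate's key pair
	if err != nil {
		return
	}
	// Constructed sample claims; "gateway-example" is a placeholder issuer, not a real one.
	tok, err := SignRS("RS256", key, map[string]interface{}{"sub": "user1", "iss": "gateway-example"})
	if err != nil {
		return
	}
	got, verr := VerifyRS(tok, &key.PublicKey)
	rsOK = verr == nil && got["sub"] == "user1"
	parts := strings.Split(tok, ".")
	esHdr := enc.EncodeToString([]byte(`{"alg":"ES256","typ":"JWT"}`))
	_, verr = VerifyRS(esHdr+"."+parts[1]+"."+parts[2], &key.PublicKey)
	esRejected = verr != nil
	forged := enc.EncodeToString([]byte(`{"sub":"user2","iss":"gateway-example"}`))
	_, verr = VerifyRS(parts[0]+"."+forged+"."+parts[2], &key.PublicKey)
	tamperRejected = verr != nil
	return
}
```

Because the allowlist is checked before the signature, a token carrying alg ES256 is refused without any ECDSA verification being attempted; that is the behaviour to expect from a verifier that, like the JWT authentication scheme described above, only accepts RSA-based algorithms. The tampered-payload case shows why the user public certificate must be present in the CDS: without the matching public key there is nothing to verify the signature against.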