
Cannot use ECDSA algorithm for JWT validation and creation


Article ID: 134038




CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On SITEMINDER


We'd like to know how to make CA SiteMinder use the ECDSA algorithm to sign the JWT token, as the CA API Gateway only uses this ECDSA algorithm for signature. Is it possible?


Release: 12.8



At first glance, in our latest version, SiteMinder 12.8, ECDSA is not implemented for cookie and token encryption:

  Encryption and Decryption Algorithms

and the JWT signature algorithm should be one of these:

JWTs can accept the following RSA-based algorithms for certificate

  Configure JWT Authentication Scheme

    RS256 - RSA signature with SHA-256
    RS384 - RSA signature with SHA-384
    RS512 - RSA signature with SHA-512

And our Product Roadmap does not mention such an implementation:

  CA Single Sign-On Certification Backlog

Further, as a prerequisite for JWT, you should ensure that the JWT is RSA encryption based:

  Ensure that the JWT authentication scheme imports the User Public
  Certificate into the Policy Server Certificate Database (CDS) to
  validate a JWT successfully for RSA-based algorithms.
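The validation side of the answer above, as an added example that is not CA/Broadcom code: an RSA-only JWT check that pins the header alg to RS256/RS384/RS512 and verifies the signature with the trusted public key (the role the certificate imported into the CDS plays), so a token carrying an ECDSA alg such as ES256 is refused before any cryptography runs. The key pair, the claims and the function names are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	_ "crypto/sha512" // registers SHA-384/SHA-512 so crypto.Hash.New works for RS384/RS512
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// The only JWT signature algorithms the SiteMinder authentication scheme accepts.
var rsaAlgs = map[string]crypto.Hash{"RS256": crypto.SHA256, "RS384": crypto.SHA384, "RS512": crypto.SHA512}
var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key pair (stands in for the user certificate)

// signRS256 issues a compact JWS (RSASSA-PKCS1-v1_5 with SHA-256), the form the scheme validates.
func signRS256(claims map[string]any, key *rsa.PrivateKey) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	d := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
	return input + "." + b64.EncodeToString(sig), err
}

// verifyRSA pins alg to RS256/RS384/RS512 and checks the signature with the trusted public key
// (the user certificate imported into the CDS); an ES256 token is rejected before any crypto runs.
func verifyRSA(token string, pub *rsa.PublicKey) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed compact JWS")
	}
	var hdr struct{ Alg string `json:"alg"` } // an unreadable header leaves Alg empty, which fails the allowlist
	_ = json.NewDecoder(base64.NewDecoder(b64, strings.NewReader(parts[0]))).Decode(&hdr)
	hash, ok := rsaAlgs[hdr.Alg]
	if !ok {
		return nil, fmt.Errorf("alg %q not supported: only RS256/RS384/RS512 are accepted", hdr.Alg)
	}
	h := hash.New()
	h.Write([]byte(parts[0] + "." + parts[1])) // JWS signing input is header.payload
	sig, err := b64.DecodeString(parts[2])
	if err != nil || rsa.VerifyPKCS1v15(pub, hash, h.Sum(nil), sig) != nil {
		return nil, fmt.Errorf("signature check failed for alg %s", hdr.Alg)
	}
	return b64.DecodeString(parts[1]) // verified payload (claims JSON)
}
```

A real deployment takes the public key from the certificate imported into the CDS rather than from a generated key pair; the allowlist and the order of checks are the part to keep.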