ECDSA algorithm for JWT validation and creation in Policy Server



Article ID: 134038




CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER



How can CA SiteMinder be made to use the ECDSA algorithm to sign JWT tokens, given that CA API Gateway only uses ECDSA for its signatures? Is this possible?




At first glance, in the latest version, SiteMinder 12.8 SP6a, ECDSA is not implemented for cookie and token encryption (1). The JWT signature algorithm must be one of RS256, RS384, or RS512 (2).

Further, as a prerequisite for JWT, ensure that the JWT is based on RSA encryption (3).


Additional Information



    Encryption and Decryption Algorithms


    8. Provide the Certificate Alias List details to be used for JWT signature validation.

      JWTs can accept the following RSA-based algorithms for certificate validation:

        RS256 - RSA signature with SHA-256
        RS384 - RSA signature with SHA-384
        RS512 - RSA signature with SHA-512



    Configure JWT Authentication Scheme

      Import the User Public Certificate for JWS or import the private key for JWE into Policy Server Certificate Database (CDS) to validate a JWT for RSA algorithms.
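The practical consequence of the answer above is that a token signed by a gateway with an EC key (for example ES256) will not be accepted by the Policy Server JWT authentication scheme, which only validates RS256, RS384 and RS512. The following is an added example, not SiteMinder or API Gateway code: it decodes the JOSE header of a compact JWT and checks the `alg` value against that RSA-only allowlist, so an operator can tell in advance whether a given token can pass the scheme. It also rejects malformed tokens and the `none` algorithm. The sample tokens are constructed inside the block with placeholder signatures; signature verification itself is left to the product and is not performed here.

```python
"""Check a JWT's `alg` header against the RSA-only allowlist (RS256, RS384,
RS512) that the article states for SiteMinder 12.8 SP6a.

Added example, not SiteMinder or API Gateway code. Only the JOSE header is
parsed; signature verification is the consuming product's job.
"""
import base64
import json

# Algorithms the article lists as accepted for JWT signature validation.
POLICY_SERVER_JWS_ALGS = frozenset({"RS256", "RS384", "RS512"})


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def jwt_header(token: str) -> dict:
    """Return the decoded JOSE header of a compact-serialised JWT.

    Raises ValueError for anything that is not three base64url segments whose
    first segment is a JSON object, so malformed input never reads as accepted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        # binascii.Error, UnicodeDecodeError and JSONDecodeError are all ValueErrors.
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:
        raise ValueError("header is not base64url-encoded JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("header must be a JSON object")
    return header


def accepted_by_policy_server(token: str) -> bool:
    """True only when the token's alg is one of the RS* values the article lists.

    A token from a gateway signing with ES256 (or any non-RSA alg, or 'none')
    returns False, which is exactly the mismatch the question describes.
    """
    try:
        alg = jwt_header(token).get("alg")
    except ValueError:
        return False
    return alg in POLICY_SERVER_JWS_ALGS


def make_sample_token(alg: str) -> str:
    """Build a constructed, unsigned sample JWT for demonstration only.

    The signature segment is a placeholder, not a real signature; these tokens
    exist solely to exercise the header check.
    """
    def enc(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    header = {"alg": alg, "typ": "JWT"}
    payload = {"sub": "example-user", "iss": "constructed-sample"}
    return f"{enc(header)}.{enc(payload)}.{enc({'sig': 'placeholder'})}"


if __name__ == "__main__":
    for alg in ("RS256", "RS384", "RS512", "ES256", "HS256", "none"):
        tok = make_sample_token(alg)
        print(f"{alg:6} -> accepted by Policy Server: {accepted_by_policy_server(tok)}")
```

Run it as a script to see the RS* tokens accepted and the ES256, HS256 and `none` tokens rejected; to inspect a real token from the gateway, pass it to `jwt_header()` and look at the `alg` value before configuring the authentication scheme.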