How can CA SiteMinder be made to use the ECDSA algorithm to sign a JWT token, given that the CA API Gateway only uses ECDSA for signatures? Is it possible?
As of the latest version, SiteMinder 12.8SP6a, ECDSA is not implemented for cookie and token encryption (1). The JWT signature algorithm must be one of RS256, RS384, or RS512 (2).
Further, as a prerequisite for JWT authentication, ensure that the JWT is RSA-based (3).
(1)
Encryption and Decryption Algorithms
(2)
8. Provide the Certificate Alias List details to be used for JWT signature validation.
JWTs can accept the following RSA-based algorithms for certificate validation:
RS256 - RSA signature with SHA-256
RS384 - RSA signature with SHA-384
RS512 - RSA signature with SHA-512
(3)
Configure JWT Authentication Scheme
Import the User Public Certificate for JWS or import the private key for JWE into Policy Server Certificate Database (CDS) to validate a JWT for RSA algorithms.
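An added example, not part of the KB article or any CA product code: a small check that reads the `alg` field of a JWT's JOSE header and reports whether it is one of the RSA-based algorithms SiteMinder validates (RS256/RS384/RS512, per (2)) or an ECDSA algorithm such as ES256 that SiteMinder will reject. The sample tokens are constructed inline with dummy signature segments; only the header is inspected, no signature is verified.

```python
import base64
import json

# Signature algorithms SiteMinder 12.8SP6a accepts for JWT validation, per the KB text.
SITEMINDER_JWT_ALGS = {"RS256", "RS384", "RS512"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_header(token: str) -> dict:
    """Return the decoded JOSE header of a compact-serialised JWS (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    return json.loads(_b64url_decode(parts[0]))


def check_siteminder_compatible(token: str) -> tuple[bool, str]:
    """Report whether SiteMinder will validate this token's signature algorithm."""
    alg = decode_jwt_header(token).get("alg")
    if alg is None:
        return False, "header has no alg field"
    if alg in SITEMINDER_JWT_ALGS:
        return True, f"alg {alg} is RSA-based and accepted by SiteMinder"
    if alg.startswith("ES"):
        return False, f"alg {alg} is ECDSA; SiteMinder only validates RS256/RS384/RS512"
    return False, f"alg {alg} is not an algorithm SiteMinder validates"


def _constructed_token(header: dict) -> str:
    # Constructed sample: real header, placeholder payload and signature segments.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'user1'})}.c2lnbmF0dXJl"


# What an ECDSA-signing gateway would emit, and what SiteMinder expects.
ECDSA_TOKEN = _constructed_token({"alg": "ES256", "typ": "JWT", "kid": "gw-key"})
RSA_TOKEN = _constructed_token({"alg": "RS256", "typ": "JWT", "kid": "sm-key"})

if __name__ == "__main__":
    for tok in (ECDSA_TOKEN, RSA_TOKEN):
        ok, reason = check_siteminder_compatible(tok)
        print("OK  " if ok else "FAIL", reason)
```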