When configuring SiteMinder, one might like to know whether SiteMinder can
accept a JWT with a specific kid that refers to a public key.
SiteMinder provides a JWT Authentication Scheme, which can accept tokens
produced by third-party software.
For signature and encryption validation, SiteMinder can be configured
to use the value of the kid, provided that value is a certificate alias (1).
Note that kid is optional and should be a string (2).
JSON Web Token (JWT) Authentication Scheme (Release 12.8.03 and Later)
SiteMinder supports JSON Web Token (JWT) template as an
authentication scheme and accepts JWTs to authenticate and authorize
a protected resource. The information in a JWT is encoded and
securely transmitted as a JSON object that is digitally signed using
JSON Web Signature (JWS). From Release 12.8.03, SiteMinder accepts a
JWT request of the signed, or encrypted, or signed and encrypted
A signed and encrypted JWT carries a header that is known as the
JOSE header (JSON Object Signing and Encryption) that describes the
algorithm, which is used to process data contained in a JWT. JOSE
header defines the following header parameters:
Kid Key ID
9. (Optional) Select the Use JOSE Header KID as Certificate Alias.
Use JOSE Header KID as Certificate Alias for JWS Validation
Use JOSE Header KID as Certificate Alias for JWE Validation
Reserved Header Parameter Names
| Header Parameter Name | JSON Value Type | Header Parameter Syntax | Header Parameter Semantic |
|-----------------------|-----------------|-------------------------|---------------------------|
| kid | string | string | The "kid" (key ID) header parameter is a hint indicating which specific key owned by the signer should be used to validate the signature. This allows signers to explicitly signal a change of key to recipients. Omitting this parameter is equivalent to setting it to an empty string. The interpretation of the contents of the "kid" parameter is unspecified. This header parameter is OPTIONAL. |
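
The key-selection step described above, as an added example (not SiteMinder code or configuration): the kid read from the JOSE header is used only as a lookup hint into certificate aliases the verifier already trusts, and is rejected if it is not a string or names no known alias. The function names, the alias values and the fallback to a default alias when kid is absent are assumptions of this example.

```python
import base64
import json


class KidError(ValueError):
    """The JOSE header cannot be mapped to a trusted certificate alias."""


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def select_cert_alias(token, trusted_aliases, default_alias=None):
    """Return the alias of the already-trusted certificate to validate with.

    default_alias (assumption of this example) is used when kid is absent.
    """
    parts = token.split(".")
    if len(parts) not in (3, 5):  # compact JWS has 3 segments, compact JWE 5
        raise KidError("not a compact JWS or JWE")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise KidError("unreadable JOSE header") from exc
    if not isinstance(header, dict):
        raise KidError("JOSE header is not a JSON object")
    kid = header.get("kid", "")  # an omitted kid is equivalent to ""
    if not isinstance(kid, str):
        raise KidError("kid must be a JSON string")
    if kid == "":
        if default_alias is None:
            raise KidError("no kid and no default alias configured")
        return default_alias
    # The kid only selects among certificates the verifier already holds.
    if kid not in trusted_aliases:
        raise KidError("kid does not name a trusted certificate alias")
    return kid


def make_token(header):
    # Constructed sample token: real header, placeholder payload and signature.
    raw = json.dumps(header).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode() + ".e30.c2ln"


TRUSTED = {"idp-signing-2024", "idp-signing-2025"}  # hypothetical aliases
```

The returned alias is what a verifier would then pass to its certificate store to fetch the public key for signature validation; that step is outside this example.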