Amitesh,
When you're building a JWT, the input will be an STSUUSER object (either within identity mapping rule in STS chain or as input to call to STS from a pre-token mapping rule).
In this STSUUSER object you need to add Context Attributes which have the name of the header you want to add and type
urn:ibm:JWT:header:claim
. These will be added to the header of the JWT when it is created.
e.g. (in mapping rule of JWT creation STS chain):
var myJku = "myJkuValue";
var attr1 = new com.tivoli.am.fim.trustserver.sts.uuser.Attribute(
"jku",
"urn:ibm:JWT:header:claim",
myJku);
stsuu.addContextAttribute(attr1);
(shout out to @Shane Weeden)
Cheers... Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------
Original Message:
Sent: Thu July 29, 2021 10:08 PM
From: Amitesh Singh
Subject: ISAM AAC: how to add optional "jwk" and "jku" in JOSE header of JWS
Hi Team,
We are trying to add "jku" and "jwk" optional parameter of JOSE header. Based on RFC (https://datatracker.ietf.org/doc/html/rfc7515#section-4) these parameters are optional but there should be some way to configure/add these optional parameters in ISAM. May I know if anyone knows how to customize JOSE header and add optional parameters in header?
Thanks
------------------------------
Amitesh Singh
------------------------------