IBM Security Verify

Hi Team,

We are trying to add "jku" and "jwk" optional parameter of JOSE header. Based on RFC (https://datatracker.ietf.org/doc/html/rfc7515#section-4) these parameters are optional but there should be some way to configure/add these optional parameters in ISAM. May I know if anyone knows how to customize JOSE header and add optional parameters in header?

Thanks

------------------------------
Amitesh Singh
------------------------------

Amitesh,

When you're building a JWT, the input will be an STSUUSER object (either within identity mapping rule in STS chain or as input to call to STS from a pre-token mapping rule).
In this STSUUSER object you need to add Context Attributes which have the name of the header you want to add and type urn:ibm:JWT:header:claim.  These will be added to the header of the JWT when it is created.

e.g. (in mapping rule of JWT creation STS chain):

var myJku = "myJkuValue";

var attr1 = new com.tivoli.am.fim.trustserver.sts.uuser.Attribute(
              "jku",
              "urn:ibm:JWT:header:claim",
              myJku);

stsuu.addContextAttribute(attr1);

(shout out to @Shane Weeden)

Cheers... Jon.

​

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Thu July 29, 2021 10:08 PM
From: Amitesh Singh
Subject: ISAM AAC: how to add optional "jwk" and "jku" in JOSE header of JWS

Hi Team,

We are trying to add "jku" and "jwk" optional parameter of JOSE header. Based on RFC (https://datatracker.ietf.org/doc/html/rfc7515#section-4) these parameters are optional but there should be some way to configure/add these optional parameters in ISAM. May I know if anyone knows how to customize JOSE header and add optional parameters in header?

Thanks

------------------------------
Amitesh Singh
------------------------------

Thanks a lot Jon for your response. Type urn:ibm:JWT:header:claim is a key, I was trying wrong type hence not getting added to header. I will try this. Thank you.

------------------------------
Amitesh Singh
------------------------------

Original Message:
Sent: Fri July 30, 2021 05:32 AM
From: Jon Harry
Subject: ISAM AAC: how to add optional "jwk" and "jku" in JOSE header of JWS

Amitesh,

When you're building a JWT, the input will be an STSUUSER object (either within identity mapping rule in STS chain or as input to call to STS from a pre-token mapping rule).
In this STSUUSER object you need to add Context Attributes which have the name of the header you want to add and type urn:ibm:JWT:header:claim.  These will be added to the header of the JWT when it is created.

e.g. (in mapping rule of JWT creation STS chain):

var myJku = "myJkuValue";var attr1 = new com.tivoli.am.fim.trustserver.sts.uuser.Attribute(              "jku",              "urn:ibm:JWT:header:claim",              myJku);stsuu.addContextAttribute(attr1);

(shout out to @Shane Weeden)

Cheers... Jon.

​

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Thu July 29, 2021 10:08 PM
From: Amitesh Singh
Subject: ISAM AAC: how to add optional "jwk" and "jku" in JOSE header of JWS

Hi Team,

We are trying to add "jku" and "jwk" optional parameter of JOSE header. Based on RFC (https://datatracker.ietf.org/doc/html/rfc7515#section-4) these parameters are optional but there should be some way to configure/add these optional parameters in ISAM. May I know if anyone knows how to customize JOSE header and add optional parameters in header?

Thanks

------------------------------
Amitesh Singh
------------------------------