{
  "alg": "RS256"
 }

To Be
{
  "alg": "RS256",
  "kid": "DHFbpoIUqrY8t2zpA2qXfCmr5VO5ZEr4RzHU_-envvQ",
  "typ": "JWT"
}

Hi,

this link explains the JWT specific attributes, which you could set in the mapping rule, e.g.in the JWT header:

https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.7/com.ibm.isam.doc/config/concept/con_jwt_issue_mode.html

Sample:
stsuu.addContextAttribute(new Attribute("typ", "urn:ibm:JWT:header:claim", "JWT"));
stsuu.addContextAttribute(new Attribute("signing.kid", "urn:ibm:JWT:header:claim", "isam-key-01"));

Frank

------------------------------
Frank Thurau

Original Message:
Sent: Tue December 01, 2020 10:07 AM
From: Kim Petersen
Subject: JWT with kid and typ for Junctioned Backend Server

On ISAM 9.0.7

TFIM SSO enabled junction sends JWT to the backend server. [tfimsso:/jwtjct] is setup and uses tfim-cluster configuration to call STS.

The STS uses a chain with:
Validate -> Map (JWT claims attributes/payload) -> JWT Issue -> Map (adding Bearer to JWT - tip from this forum)

JWT is send to backend server. However the backend server requires kid and typ in the JWT header.
The JWT Issue module has some options regarding the signature, but not kid and typ for the header. How can these attributes be included into the JWT header?

As Is

{
  "alg": "RS256"
 }

To Be
{
  "alg": "RS256",
  "kid": "DHFbpoIUqrY8t2zpA2qXfCmr5VO5ZEr4RzHU_-envvQ",
  "typ": "JWT"
}