ACS signing a JWT; WS-Trust token verification

The token we receive from the OAuth endpoint of our Azure ACS namespace has a (decoded) header field, given below.


Using Fiddler's base64 decoder tool, we change - and _ back to + and /, and add the padding char(s).


It’s supposed to be a hash, and probably an SHA1 hash.
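
The decoding steps above, written out as an added example (not code from the original post). It assumes the header field in question is the JWS `x5t` parameter, the base64url-encoded SHA-1 thumbprint of the signing certificate, and it uses constructed placeholder bytes in place of a real certificate.

```python
import base64
import hashlib
import json


def b64url_decode(value: str) -> bytes:
    """Undo base64url by hand: '-' -> '+', '_' -> '/', then restore '=' padding."""
    std = value.replace("-", "+").replace("_", "/")
    std += "=" * (-len(std) % 4)
    return base64.b64decode(std, validate=True)


def b64url_encode(raw: bytes) -> str:
    """Helper for building the constructed sample token below."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def jwt_header(token: str) -> dict:
    """Return the decoded JSON header (first dot-separated segment) of a JWT."""
    return json.loads(b64url_decode(token.split(".")[0]))


def thumbprint_matches(token: str, cert_der: bytes) -> bool:
    """True if the header's x5t (assumed field) is the SHA-1 of the DER cert."""
    x5t = jwt_header(token).get("x5t")
    if not x5t:
        return False
    digest = b64url_decode(x5t)
    # A SHA-1 digest is always 20 bytes; anything else is not a thumbprint.
    if len(digest) != 20:
        return False
    # A match only identifies which certificate the token refers to.
    # Chain building and revocation checking are separate steps.
    return digest == hashlib.sha1(cert_der).digest()


# Constructed sample data: placeholder bytes standing in for a DER certificate.
SAMPLE_CERT_DER = b"constructed placeholder, not a real certificate"
SAMPLE_HEADER = {"typ": "JWT", "alg": "RS256",
                 "x5t": b64url_encode(hashlib.sha1(SAMPLE_CERT_DER).digest())}
SAMPLE_TOKEN = ".".join([
    b64url_encode(json.dumps(SAMPLE_HEADER).encode()),
    b64url_encode(b'{"iss":"constructed"}'),
    b64url_encode(b"constructed-signature"),
])

if __name__ == "__main__":
    print(jwt_header(SAMPLE_TOKEN))
    print(thumbprint_matches(SAMPLE_TOKEN, SAMPLE_CERT_DER))
```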


We see our GoDaddy cert is:


Now let's say that the cert has a critical extension. And it's a URL, say, that demands that the verifier contact a given OCSP responder.

If we now receive the JWT over a WS-Trust channel, will the security token resolvers pick up the JWT's reference, locate the cert AND verify the cert chain?


