acs signing a jwt ; wstrust token verification

The token we receive from the OAUTH endpoint of our Azure ACS namespace has a (decoded_ header field given below.


Using fiddler tools base64 decoder, we change – and _ back to + and /, and add the padding char(s)


It’s supposed to be a hash, and probably an SHA1 hash.


We see our GoDaddy cert is:


Now lets say that the cert has a critical extension. And it’s a URL, say, that demand that the verified contact a given OCSP responder.

If we now receive the JWT over a ws-trust channel, will the seucrity token resolvers pick up the JWT’s reference, locate the cert AND verify the cert chain?

About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in SSO. Bookmark the permalink.