acs signing a jwt ; wstrust token verification


The token we receive from the OAuth endpoint of our Azure ACS namespace has a (decoded) header field, given below.

{"typ":"JWT","alg":"RS256","x5t":"70W3nPRCCzSeXuqwsBVy2KMSMPk"}

Using the base64 decoder in Fiddler's tools, we change - and _ back to + and /, and add the padding char(s).

It’s supposed to be a hash, and probably an SHA1 hash.

We see our GoDaddy cert is:

Now let's say that the cert has a critical extension, and it's a URL, say, that demands that the verifier contact a given OCSP responder.

If we now receive the JWT over a WS-Trust channel, will the security token resolvers pick up the JWT's reference, locate the cert AND verify the cert chain?
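
The x5t decoding and thumbprint lookup walked through above, as an added Python example that is not part of the original post. The helper names, the placeholder payload and signature segments, and the stand-in certificate bytes are assumptions constructed for illustration; the lookup only identifies a certificate and does no chain or OCSP checking.

```python
import base64
import hashlib
import json


def b64url_decode(segment: str) -> bytes:
    """Undo base64url: '-'/'_' map back to '+'/'/' and '=' padding is restored."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded)


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def header_of(jwt: str) -> dict:
    """Decode only the first (header) segment of a compact JWT."""
    return json.loads(b64url_decode(jwt.split(".")[0]))


def x5t_of(cert_der: bytes) -> str:
    """x5t is the base64url-encoded SHA-1 digest of the DER-encoded certificate."""
    return b64url_encode(hashlib.sha1(cert_der).digest())


def find_signing_cert(jwt: str, trusted_certs: list):
    """Return the trusted DER cert whose thumbprint equals the header's x5t, else None.
    A match only identifies the certificate; chain building and revocation
    checking are separate steps this function does not perform."""
    x5t = header_of(jwt).get("x5t")
    if x5t is None or len(b64url_decode(x5t)) != hashlib.sha1().digest_size:
        return None
    for der in trusted_certs:
        if x5t_of(der) == x5t:
            return der
    return None


# Header from the post; the payload and signature segments are constructed placeholders.
PAGE_HEADER = '{"typ":"JWT","alg":"RS256","x5t":"70W3nPRCCzSeXuqwsBVy2KMSMPk"}'
PAGE_JWT = b64url_encode(PAGE_HEADER.encode()) + ".e30.c2ln"

# Constructed stand-in for DER certificate bytes (not a real certificate).
FAKE_DER = b"constructed-stand-in-for-DER-certificate-bytes"
FAKE_HEADER = json.dumps({"alg": "RS256", "x5t": x5t_of(FAKE_DER)})
FAKE_JWT = b64url_encode(FAKE_HEADER.encode()) + ".e30.c2ln"

if __name__ == "__main__":
    print(b64url_decode(header_of(PAGE_JWT)["x5t"]).hex())  # thumbprint as hex
    print(find_signing_cert(FAKE_JWT, [FAKE_DER]) is not None)
```

The hex string printed for the post's header is the form a certificate viewer shows as the SHA-1 thumbprint, which is what makes the comparison with the certificate possible.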

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!