Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Joost Spekschoor (JSPEKSCH)
Achmea
LSA - Solution Architect Pega Marketing
Achmea
NL
JSPEKSCH Member since 2011 16 posts
Achmea
Posted: Oct 21, 2019
Last activity: Aug 12, 2020
Posted: 21 Oct 2019 9:11 EDT
Last activity: 12 Aug 2020 21:42 EDT
Closed

KID in Pega JWT Processing KeyStore with URL

Hi,

We are validating a token (JWT) within Pega using the TokenProfile rule.
For the signing part of the validation we are trying to use a well-known url in the keystore.

However during processing of the key we get an error that Pega is not able to find ; "Certificate does not exist, Keystore Entry is not either PrivateKeyEntry or TrustedCertificateEntry".

Looking at tokens generated by Pega they always have the KID field in the token.

However the tokenprovider we get the key from doesnt provide the KID field.

-> Could this be the issue we are facing? Missing KID field?


Workaround for now:
Putting the public key in a jks file does work :)

To see attachments, please log in.
Low-Code App Development
Security

  • Sai Charan K Joost Spekschoor Sudipta Biswas
Posted: 4 years ago
Posted: 12 Aug 2020 21:42 EDT
Srinivas Bharat Komarina (KOMARINA)
Accenture
Senior System Architect
Accenture
GB

Hi, 

Greetings, I have an issue when verifying the signature of a jwt token of type asymmetric. I am getting error as "Unable to retrieve JWK public key". I have converted the x5c from jwks into a certificate and imported the public key as a truststore into Pega but i still see this issue. Any pointers please?

Regards,

Bharat

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice