Skip to main content

Question

 Karan Bhalla (KaranB17)
Iffco Tokio General Insurance
Vice President
Iffco Tokio General Insurance
IN
KaranB17 Member since 2017 3 posts
Iffco Tokio General Insurance
Posted: 7 hours 9 minutes ago
Last activity: 7 hours 10 minutes ago
Posted: 1 May 2025 1:16 EDT
Last activity: 1 May 2025 1:16 EDT

Getting error while trying to sign JWT using HMAC-SHA256 Algorithm

I'm trying to Sign JWT Token using HMAC-SHA256 algorithm. For this I have created a keystore using Json Web key and trying to use in JWT Token profile. But getting following error on Save

Show More

I'm trying to Sign JWT Token using HMAC-SHA256 algorithm. For this I have created a keystore using Json Web key and trying to use in JWT Token profile. But getting following error on Save

java.lang.ClassCastException: class javax.crypto.spec.SecretKeySpec cannot be cast to class java.security.PublicKey (javax.crypto.spec.SecretKeySpec and java.security.PublicKey are in module java.base of loader 'bootstrap') 
	at com.pega.pegarules.session.external.authorization.KeystoreDataHandler.setKIDsForAliases(KeystoreDataHandler.java:340) ~[prenginext.jar:?] 
	at com.pega.pegarules.session.external.authorization.KeystoreDataHandler.initializeKeystore(KeystoreDataHandler.java:521) ~[prenginext.jar:?] 
	at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.put(KeyStoreCacheImpl.java:472) ~[prprivate-session.jar:?] 
	at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.loadKeyStoretoCache(KeyStoreCacheImpl.java:286) ~[prprivate-session.jar:?] 
	at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.loadKeyStoreIfKeyStoreNotCachedYet(KeyStoreCacheImpl.java:445) ~[prprivate-session.jar:?] 
	at com.pega.pegarules.session.internal.authorization.KeyStoreCacheImpl.getAliases(KeyStoreCacheImpl.java:453) ~[prprivate-session.jar:?] 
	at com.pega.pegarules.integration.engine.internal.util.KeyStoreUtilsImpl.getKeyStoreAliases(KeyStoreUtilsImpl.java:1071) ~[printegrint.jar:?] 
	at com.pega.pegarules.integration.engine.internal.security.jwt.JWTProfileValidatorImpl.checkAliasInKeystore(JWTProfileValidatorImpl.java:830) ~[printegrint.jar:?] 
	at com.pega.pegarules.integration.engine.internal.security.jwt.JWTProfileValidatorImpl.validateKeystoreAliasPassword(JWTProfileValidatorImpl.java:733) ~[printegrint.jar:?] 
	at com.pega.pegarules.integration.engine.internal.security.jwt.JWTProfileValidatorImpl.validateJwsGenerationTokenProfile(JWTProfileValidatorImpl.java:423) ~[printegrint.jar:?] 
	at com.pega.pegarules.integration.engine.internal.security.jwt.JWTProfileValidatorImpl.validateGenerationTokenProfile(JWTProfileValidatorImpl.java:115) ~[printegrint.jar:?] 
	at com.pega.pegarules.integration.engine.internal.security.jwt.JWTProfileValidatorImpl.validateTokenProfilePage(JWTProfileValidatorImpl.java:77) ~[printegrint.jar:?] 
	at com.pegarules.generated.activity.ra_action_validate_18d308885f64de23cd4f16349ca0104f.step2_circum0(ra_action_validate_18d308885f64de23cd4f16349ca0104f.java:273) ~[?:?] 
	at com.pegarules.generated.activity.ra_action_validate_18d308885f64de23cd4f16349ca0104f.perform(ra_action_validate_18d308885f64de23cd4f16349ca0104f.java:93) ~[?:?] 
	at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:2872) ~[prprivate-session.jar:?] 

Please help

Show Less
To see attachments, please log in.
Pega Platform 8.7.5
Pega Platform
Security
Insurance
Senior System Architect

  • Reply

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice