Layer 7 API Management

Expand all | Collapse all

SHA256withRSA Padded characters

  • 1.  SHA256withRSA Padded characters

    Posted 03-28-2018 03:43 AM

    #algorithm #jwt

    Hi All,

     

    Is CA Gateway capable for verifying and decoding out of box generated JWT with SHA256withRSA which adding padded characters while signing?if it does not then what is the other way to decode this kind of JWT?

    PFB JWT generated by an android application which uses above specification:

     

    Header::-eyJhbGciOiJSUzI1NiJ9.

    Payload::-eyJpc3MiOiAiVUtNb2JpbGl0eUFwcENsaWVudFVB...[something]......NTIxNDU4OTg5In0=.

    Signed Payload::-YDAEV3nvnE2eLgPX5jDotVoohDWAF5pSmaH8k5xIqLSqiVE5fDTinv/hQ7pUSbxemEMvo/zv7iAf6z38dg+i+kyc0k0cZb2f56dXi0R4pwHO/2Of4x1WpRMHlg3lo89kzhn0TnlbjHfhxKPPZPFgBBlCgWPCCS/Yxx+aOe7BM8FiGWsWLyPxJb8GnJCjURNwcB/QLskZZ34Cz5SK/OgKJ+EQv7ujxXinGCFwnulfCUXWD8kW12bFH98w3Zm/y9xphX1vh2pjaY0wmjEG3/I9ijBRZpItYezvb4rK3pm/E1LrMSflWdwzlTRumFu97gDJYypiy9AyCIsI70SKmpj6mw==

     

    Above I've highlighted the characters which i don't see while signing the payload using any other method.[i.e. using CA assertion or online JWT generator]

     

    Note: Private key[.pem] is being used to sign/encrypt & verify/decrypt payload



  • 2.  Re: SHA256withRSA Padded characters

    Posted 03-28-2018 04:07 AM

    Hi,

     

    There is a new JWT authentication scheme from R12.8:

     

    JSON Web Token (JWT) Authentication Scheme
    CA Single Sign-On R12.8 supports JSON Web Token (JWT) template as an authentication scheme to authenticate and authorize the protected resource by accepting the JWT token.

     

    So as OOTB I do not find any detail on JWT tokens on previous releases related to Access Gateway so maybe a custom authentication scheme may work for you.



  • 3.  Re: SHA256withRSA Padded characters

    Posted 03-29-2018 04:49 AM

    Hey Albert, could you  please be more specific what you're suggesting to do as i'm not following what you've suggested.



  • 4.  Re: SHA256withRSA Padded characters

    Posted 03-29-2018 05:00 AM

    Hi Jaykumar,

     

    I think it will not be useful for you as I thought you were using CA Access Gateway (which is a CA Single Sign-On component), however you are actually using CA API Gateway which is from a different product, so this question should be raised in a different place:

    CA API Management Community 

    That is why Vijay was asking for more details.



  • 5.  Re: SHA256withRSA Padded characters

    Posted 04-02-2018 01:48 AM

    Thanks for the clarification albert, but haven't i posted this inCA API Management Community ?  it's showing me the same community while edit.



  • 6.  Re: SHA256withRSA Padded characters

    Posted 03-28-2018 04:57 PM

    Jaykumar,  Questions:  Do you mean Access Gateway or API Gatway?  Are you using/ evaluating beta CA SSO R12.8?  It's not formally released yet. What version of CA SSO are you using? Plse confirm. Also, can you please describe your configuration and use case in more detail so we understand better what you're trying to accomplish?

    Thanks, - Vijay



  • 7.  Re: SHA256withRSA Padded characters

    Posted 03-29-2018 04:47 AM

    HI Vijay, We're using API Gateway and we're not using any version of CA SSO. In simple words, what we're doing is once we receive the JWT from client app[android] ,we 're verifying the signature and decoding the JWT using Decode JWT assertion of CA. The issue we're facing is that this assertion is not able to verify the signature as it seems there are some padded  characters being added on client app while signing payload using SHA256withRSA. is there any way we could handle this scenario on CA gateway? 



  • 8.  Re: SHA256withRSA Padded characters

    Posted 03-05-2019 05:20 PM

    Good afternoon,

     

    Normally we have seen issues when the JWT is not BASE64 encoded so applications and browsers may attempt to URL encode certain values causing the signature to not be accepted.

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support