Question:
We'd like to know if the following token issued by CA Single Sign-On
is a JWT Signed Token.
The first part of the decrypted token doesn't have the "typ" header
and as such we'd like you to confirm that this token is a JWT.
{
kid: "65804645-989e-4833-8dd7-f17c7782ea00",
alg: "RS256"
}.
{
sub: "CN=myname,OU=myuser,O=myorganization",
aud: "c11d5f88-3bba-4a66-8faf-58d6bbb8547z",
mail: "myname@test.com",
auth_time: 1540223760,
iss: "https:\/\/mymachine.mydomain.com:9443",
exp: 1540227660,
permisos: "Rol2^Rol1",
iat: 1540223760,
nonce: "5zugzYdnoOoIKAxbxwqHmVoxFvtlLoeo8i8Hluvzsiie",
nombre: "Name of myname"
}.
[signature]
Answer:
First, the "typ" header parameter is optional. RFC 7519, JSON Web Token (JWT), states:
"Use of this Header Parameter is OPTIONAL."
https://tools.ietf.org/html/rfc7519#page-11
The section:
{
kid: "65804645-989e-4833-8dd7-f17c7782ea00",
alg: "RS256"
}.
is the JWS (JOSE) header given by CA Single Sign-On; "alg": "RS256" names a JWS signature algorithm, and "kid" identifies the key used to sign.
CA SSO 12.8 is a certified OpenID Connect implementation. Please refer to the link below for information.
https://openid.net/certification/
Because CA SSO 12.8 is a certified OpenID Connect implementation, and the OpenID Connect 1.0 specification already requires the ID Token to be a JWT whose contents are signed (and optionally also encrypted), the token shown above is a signed JWT.
KB: KB000121501
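To make the structural argument above concrete, here is an added example (not from the KB article and not CA Single Sign-On code) that builds a token from the header and claims shown in the question, then parses and validates it the way a relying party should: three base64url segments, a JOSE header carrying "alg" (with "typ" absent and accepted), a pinned RS256 algorithm, a verified signature, and iss/aud/exp checks. The RSA key, the signature and the RSA/PKCS#1 v1.5 routines are constructed here as a toy so the script runs offline; a production verifier uses a vetted JOSE library and the issuer's published key matching the "kid" header.

```python
# Added example (not from the KB article or CA SSO): build, parse and validate
# a compact JWS/JWT with RS256. The RSA/PKCS#1 v1.5 code is a toy for offline use.
import base64, hashlib, hmac, json, secrets, time

# Header and claims copied from the KB article; the key and signature are
# constructed here because the article shows only "[signature]".
SAMPLE_HEADER = {"kid": "65804645-989e-4833-8dd7-f17c7782ea00", "alg": "RS256"}
SAMPLE_CLAIMS = {
    "sub": "CN=myname,OU=myuser,O=myorganization", "mail": "myname@test.com",
    "aud": "c11d5f88-3bba-4a66-8faf-58d6bbb8547z", "auth_time": 1540223760,
    "iss": "https://mymachine.mydomain.com:9443", "exp": 1540227660,
    "permisos": "Rol2^Rol1", "iat": 1540223760, "nombre": "Name of myname",
    "nonce": "5zugzYdnoOoIKAxbxwqHmVoxFvtlLoeo8i8Hluvzsiie",
}
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _is_probable_prime(n, rounds=20):  # Miller-Rabin, fine for a demo key
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_rsa_key(bits=1024):  # toy keypair: dict with n, e, d
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        if p != q and ((p - 1) * (q - 1)) % 65537:
            return {"n": p * q, "e": 65537, "d": pow(65537, -1, (p - 1) * (q - 1))}

def _emsa_pkcs1_v15(message, k):  # RFC 8017 9.2 encoding of SHA-256(message)
    t = _SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_sign(key, signing_input):
    k = (key["n"].bit_length() + 7) // 8
    em = int.from_bytes(_emsa_pkcs1_v15(signing_input, k), "big")
    return pow(em, key["d"], key["n"]).to_bytes(k, "big")

def rs256_verify(key, signing_input, signature):
    k = (key["n"].bit_length() + 7) // 8
    if len(signature) != k or int.from_bytes(signature, "big") >= key["n"]:
        return False
    em = pow(int.from_bytes(signature, "big"), key["e"], key["n"]).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(signing_input, k))

def create_jwt(header, claims, key):
    segs = [_b64url_encode(json.dumps(x, separators=(",", ":")).encode()) for x in (header, claims)]
    signing_input = ".".join(segs)
    return signing_input + "." + _b64url_encode(rs256_sign(key, signing_input.encode("ascii")))

def inspect_jwt(token):
    """Structural check only: three base64url segments and a JSON header with 'alg'.
    'typ' is OPTIONAL per RFC 7519, so its absence is reported, not rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header, claims = json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))
    if not isinstance(header, dict) or "alg" not in header:
        raise ValueError("JOSE header lacks 'alg'")
    return {"header": header, "claims": claims, "typ_present": "typ" in header}

def validate_jwt(token, key, expected_iss, expected_aud, now=None):
    """Pin the algorithm, verify the signature, then check iss, aud and exp.
    Returns (True, claims) or (False, reason); trust claims only after True."""
    try:
        info = inspect_jwt(token)
        h, p, s = token.split(".")
        sig = _b64url_decode(s)
    except ValueError as exc:
        return False, "malformed token: " + str(exc)
    header, claims = info["header"], info["claims"]
    if header["alg"] != "RS256":  # never let the token choose the algorithm
        return False, "unexpected alg"
    if not rs256_verify(key, (h + "." + p).encode("ascii"), sig):
        return False, "signature verification failed"
    aud = claims.get("aud")
    if claims.get("iss") != expected_iss or expected_aud not in (aud if isinstance(aud, list) else [aud]):
        return False, "issuer or audience mismatch"
    if not isinstance(claims.get("exp"), int) or (time.time() if now is None else now) >= claims["exp"]:
        return False, "token expired or 'exp' missing"
    return True, claims
```

Run it by calling generate_rsa_key(), create_jwt(SAMPLE_HEADER, SAMPLE_CLAIMS, key) and then validate_jwt(token, key, SAMPLE_CLAIMS["iss"], SAMPLE_CLAIMS["aud"], now=SAMPLE_CLAIMS["iat"] + 60); with the real clock the sample token is rejected as expired, which is the correct outcome for a 2018 "exp" value. The algorithm is pinned to RS256 from configuration rather than read from the header, so a token whose header names a different algorithm is refused before any signature check.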