Question

KID in Pega JWT Processing KeyStore with URL

Hi,

We are validating a token (JWT) within Pega using the TokenProfile rule.
For the signing part of the validation we are trying to use a well-known URL in the keystore.

However, during processing of the key we get an error that Pega is not able to find: "Certificate does not exist, Keystore Entry is not either PrivateKeyEntry or TrustedCertificateEntry".

Looking at tokens generated by Pega they always have the KID field in the token.

However, the token provider we get the key from doesn't provide the KID field.

-> Could this be the issue we are facing? Missing KID field?

Workaround for now:
Putting the public key in a jks file does work :)

Comments


October 21, 2019 - 10:07am

How do you generate the token?

October 22, 2019 - 11:35am
Response to vaspoz

Outside Pega on an "Authorisation server".

My only question is, does Pega require a KID parameter?

October 22, 2019 - 11:47am
Response to JSPEKSCH

If that's the only question, I cannot say too much here. Glad that you found a workaround though.
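The thread does not settle whether the missing KID is the cause. As an added example (not from the original posts and not Pega's implementation), this Python check decodes a token's header and reports whether a signing key can be picked from a JWKS document with or without `kid`. The selection rule, function names and sample data are assumptions constructed for illustration.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding (RFC 7515); restore it.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_header(token: str) -> dict:
    # Decode only the JOSE header; no signature verification happens here.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[0]))

# Key type implied by the first two letters of the token's "alg" value.
ALG_TO_KTY = {"RS": "RSA", "PS": "RSA", "ES": "EC"}

def select_key(header: dict, jwks: dict):
    """Return (jwk or None, reason): an assumed, generic selection rule."""
    kty = ALG_TO_KTY.get(header.get("alg", "")[:2])
    candidates = [k for k in jwks.get("keys", [])
                  if k.get("use", "sig") == "sig"
                  and (kty is None or k.get("kty") == kty)]
    kid = header.get("kid")
    if kid is not None:
        matches = [k for k in candidates if k.get("kid") == kid]
        if matches:
            return matches[0], "matched by kid"
        return None, "token kid not found in JWKS"
    if len(candidates) == 1:
        return candidates[0], "no kid in token; single candidate key"
    if not candidates:
        return None, "no kid in token; no signing key of matching type"
    return None, "no kid in token; %d candidate keys, ambiguous" % len(candidates)

def _b64url(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: a token whose header has no kid, and a two-key JWKS.
TOKEN_NO_KID = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                         _b64url({"sub": "demo"}), "c2ln"])
JWKS_TWO = {"keys": [{"kty": "RSA", "kid": "a", "use": "sig", "n": "AA", "e": "AQAB"},
                     {"kty": "RSA", "kid": "b", "use": "sig", "n": "AQ", "e": "AQAB"}]}

if __name__ == "__main__":
    hdr = jwt_header(TOKEN_NO_KID)
    print("header:", hdr)
    print("result:", select_key(hdr, JWKS_TWO)[1])
```

Running the same check against the real token and the JSON served at the well-known URL shows whether the header lacks `kid` and how many keys a verifier would have to choose between.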