I have integrated wso2is-5.5.0 and weblogic12c(OWSM) with our product for OAuth2 implementation.

Imported wso2carbon certificate in weblogic12c(OWSM) key store for token decryption.

Facing the same issue; can anyone please provide information about the following questions:

  1. How does wso2is-5.5.0 encrypt the OAuth token? With which key? What is the key location path?
  2. I am not able to see correct kid values in our OAuth token generated from wso2is-5.5.0, because the key alias is wso2carbon but the token has kid NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ.
  3. Do I have to use a custom certificate and key alias? Can you please provide a document/link with steps to follow?
  4. Is there any way to use a custom OAuth Client Key and OAuth Client Secret?
Sushant

1 Answer

Answering your questions,

  1. If you have enabled JWT encryption, it is encrypted with the key you have configured in the service provider.
  2. In the IS implementation, the thumbprint of the certificate is used as the kid value.
  3. To encrypt the JWT, you always have to upload the public cert to the service provider config; otherwise you can't encrypt the JWT. So you are always using a custom certificate. Refer to this doc to get more details on how to add a cert to the service provider config.
  4. This is possible if you are adding the service provider from the admin service. Refer to this doc for more information.

Apart from the above questions, if you are signing the JWT, it is signed using the server private key (for the super tenant; in the case of a tenant, the tenant's private key is used). The default keystore wso2carbon.jks is located in <IS_HOME>/repository/resources/security. You must change this keystore when you do the deployment in production. Refer to this and this to change the keystore.

Hope all of your questions are answered.

Maduranga Siriwardena
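The point in answer 2 that the kid is a certificate thumbprint rather than the keystore alias is easy to confirm on the token itself. WSO2 IS 5.x builds the kid as base64url(lowercase hex(SHA-1(DER certificate))); the kid quoted in the question decodes to a 40-character hex string, i.e. a SHA-1 fingerprint, which bears that out. The script below is an added example, not WSO2 code or code from either poster: it decodes a kid back to the fingerprint, derives the kid a given DER certificate would produce, and checks a JWT header against a certificate so an integrator can verify that the cert imported into WebLogic/OWSM is the one the IS actually signs with. The certificate bytes and token are constructed placeholders; in practice pass the DER of the cert exported from wso2carbon.jks (or its replacement) and a real token.

```python
"""
Which certificate signed this WSO2 IS 5.x JWT?

WSO2 IS derives the JWT "kid" header from the signing certificate:
    kid = base64url( lowercase_hex( SHA-1( DER(certificate) ) ) )
so the kid is an encoded SHA-1 fingerprint, not the keystore alias.
"""
import base64
import hashlib
import json


def _b64url_decode(s: str) -> bytes:
    # Tokens and kids omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def wso2_kid_from_der(der: bytes) -> str:
    """Compute the kid WSO2 IS 5.x puts in the JWT header for this DER-encoded certificate."""
    thumbprint_hex = hashlib.sha1(der).hexdigest()  # 40 lowercase hex chars
    return base64.urlsafe_b64encode(thumbprint_hex.encode("ascii")).decode("ascii").rstrip("=")


def decode_wso2_kid(kid: str) -> str:
    """Turn a WSO2-style kid back into the SHA-1 fingerprint (hex) it encodes."""
    return _b64url_decode(kid).decode("ascii").lower()


def kid_from_jwt(token: str) -> str:
    """Read the 'kid' header of a compact-serialised JWT. This only parses the header;
    it does not verify the signature, so use it for diagnosis, not for trust decisions."""
    header = json.loads(_b64url_decode(token.split(".")[0]))
    return header["kid"]


def kid_matches_certificate(token: str, cert_der: bytes) -> bool:
    """True when the token's kid was derived from cert_der, i.e. the certificate you
    imported into the relying party's keystore is the one the IS signs with."""
    return kid_from_jwt(token) == wso2_kid_from_der(cert_der)


# --- Constructed sample data (placeholder bytes, not a real certificate) ---
SAMPLE_CERT_DER = b"constructed-placeholder-bytes-standing-in-for-a-DER-certificate"


def make_sample_token(cert_der: bytes) -> str:
    """Build an unsigned sample token carrying the kid WSO2 would emit for cert_der,
    so the matching logic can be exercised offline (constructed, not a real token)."""
    header = {"alg": "RS256", "typ": "JWT", "kid": wso2_kid_from_der(cert_der)}
    header_b64 = base64.urlsafe_b64encode(json.dumps(header).encode()).decode().rstrip("=")
    return f"{header_b64}.e30.c2lnbmF0dXJl"  # "{}" payload and a dummy signature part


if __name__ == "__main__":
    # The kid quoted in the question decodes to a plain SHA-1 fingerprint.
    print(decode_wso2_kid("NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ"))
    print(kid_matches_certificate(make_sample_token(SAMPLE_CERT_DER), SAMPLE_CERT_DER))
```

To compare against the keystore directly, `keytool -list -v -keystore wso2carbon.jks -alias wso2carbon` prints the certificate's SHA1 fingerprint (uppercase, colon-separated); strip the colons and lowercase it, and it should equal what `decode_wso2_kid` returns for a token issued by that server. The same fingerprint comes from `openssl x509 -noout -fingerprint -sha1 -in cert.pem` for an exported PEM. A mismatch means the relying party was given a different certificate than the one the IS signs with (for example after the production keystore swap the answer recommends), which is the situation the question describes.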