
I'm testing mTLS with the latest version of IdentityServer4 (straight from the repository). I've configured a client on the test site to use/require mTLS and this works perfectly. (I've verified that I cannot get a token without the client certificate I've configured.)

However, when I look at the JWT token that the server returns, there seems to be a problem with the cnf claim. According to the mTLS specification (RFC8705), the cnf claim should have a property "x5t#S256" that holds the hash of the certificate that was used when the token was requested.

However, this is the (unpacked) token I got from IdentityServer4:

I'm using Identity Model package version 5.1.0 but I still don't receive the CNF value.

  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Feb 10 '22 at 12:59
  • Hi, thanks for your response. The issue is resolved now. The problem was I was using a higher version of System.IdentityModel.Tokens.Jwt (6.7.1); after downgrading it to version 5.6.0 the issue is resolved. – Syed Parveez Apr 12 '22 at 11:48

1 Answer


This issue can be reproduced by the following code.

```csharp
using System.IdentityModel.Tokens.Jwt;   // JwtPayload
using Newtonsoft.Json.Linq;              // JRaw
using System.Text.Json;                  // JsonSerializer

var payload = new JwtPayload();
// The cnf claim is stored as a Newtonsoft JSON token inside the payload dictionary.
payload.Add("cnf", JRaw.Parse("{\"x5t#S256\":\"foo\"}"));
var newtonsoftJson = Newtonsoft.Json.JsonConvert.SerializeObject(payload);
// output is {"cnf":{"x5t#S256":"foo"}}
var textJson = JsonSerializer.Serialize(payload);
// output is {"cnf":{"x5t#S256":[]}}  -- System.Text.Json does not understand the Newtonsoft token
```

It has been fixed in https://github.com/cnblogs/IdentityServer4/pull/1/commits/0a7997d00105fd0ba7bca87ed1994d26eb99994e

dudu
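As an added example that is not part of the question or the answer above, the following C# builds the RFC 8705 cnf claim from a client certificate using a plain dictionary instead of a JRaw (so System.Text.Json emits the thumbprint rather than an empty array) and shows the check a resource server makes against the certificate that presents the token. The class and method names (CnfExample, X5tS256, BuildPayload, IsBoundTo, NewTestCert) are assumed, and the self-signed test certificate is generated in memory; it needs the System.IdentityModel.Tokens.Jwt package.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
static class CnfExample
{
    // x5t#S256 = base64url(SHA-256(DER-encoded certificate)), as RFC 8705 defines it.
    static string X5tS256(X509Certificate2 cert)
    {
        byte[] hash = cert.GetCertHash(HashAlgorithmName.SHA256);
        return Convert.ToBase64String(hash).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }
    // Issuer side: a plain dictionary instead of JRaw, so that System.Text.Json and
    // Newtonsoft.Json both serialize cnf as {"x5t#S256":"..."} rather than {"x5t#S256":[]}.
    static JwtPayload BuildPayload(X509Certificate2 clientCert)
    {
        var payload = new JwtPayload();
        payload.Add("cnf", new Dictionary<string, string> { ["x5t#S256"] = X5tS256(clientCert) });
        return payload;
    }
    // Resource-server side: accept the token only if the TLS client certificate that
    // presented it hashes to the bound thumbprint (constant-time comparison).
    static bool IsBoundTo(JwtPayload payload, X509Certificate2 presentedCert)
    {
        if (!payload.TryGetValue("cnf", out object cnf)) return false;
        var cnfDict = JsonSerializer.Deserialize<Dictionary<string, string>>(JsonSerializer.Serialize(cnf));
        if (cnfDict == null || !cnfDict.TryGetValue("x5t#S256", out string expected)) return false;
        return CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(expected), Encoding.ASCII.GetBytes(X5tS256(presentedCert)));
    }
    // Hypothetical self-signed test certificate, generated in memory so the sample runs offline.
    static X509Certificate2 NewTestCert(string subject)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    }
    static void Main()
    {
        var clientCert = NewTestCert("CN=mtls-client");
        var payload = BuildPayload(clientCert);
        Console.WriteLine(JsonSerializer.Serialize(payload));            // cnf now carries the thumbprint
        Console.WriteLine(IsBoundTo(payload, clientCert));               // presented by the bound certificate
        Console.WriteLine(IsBoundTo(payload, NewTestCert("CN=other")));  // presented by a different certificate
    }
}
```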