Generate Json Web Signature
Generate Json Web Signature policy generates a Json Web Signature with headers specified here and the payload sent along with the request.
Configuration
The properties that have to be configured to use the policy are described below.
Figure 1: Generate Json Web Signature configuration attributes
Property | Description |
Secret Key | Provide when a symmetric algorithm like HS256 is specified. The minimum length of the string has to be 256, 384, 512 bits for HS256, HS384, HS512 respectively. |
Headers | The Header table must have at least one Header bearing the name "alg". Click the Add button to add Header details. Generating JWSSymmetric algorithmWhile using Symmetric Algorithms like HS256, use "alg" Identifier value as "HS256". HS256
Asymmetric algorithmWhile using Asymmetric algorithms like ES256 or RS256, providing two headers — "alg" and "kid" is mandatory. Please refer to the Key ID description in the Json Web Token policy section to know how to set the "kid" Header value and to input the Private JSON Web keys. RS256
ES256 |
Json Web Keys | Provide when an asymmetric algorithm like RS256 or ES256 is specified. Please refer to the Json web keys property description in the Json Web Token policy to know how to input the Private JSON Web keys. |
Load Keys From URL | If Json Web Keys are exposed in a specific URL, then enable this property.
|
Keys URL | Specify the URL in which Json Web Keys are exposed. If it's a secured URL (Eg: https://www.googleapis.com/oauth2/v3/certs), the certificate of the corresponding server has to be added to the Truststore located at installer\esb\server\profiles\certs\jssecacerts. Password of this Truststore is "passphrase". Sample Keytool command for importing certificate into truststore with an optional entry name(alias) as is given below.
CODE
With this command, "samplecert1.cer" certificate can be added to the truststore "jssecacerts" with an entry name "samplealias". |
Example
Request
curl -X POST \ http://192.168.2.231:2160/generateSignature/1.0/ -d '{"iss":"fiorano"}'Response
Generates JWS and sets it in the context variable named "jws.signature".