  1. OpenAM
  2. OPENAM-10501

Offer the possibility to use different kinds of RS keys for signing, other than RS256

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 14.0.0
    • Fix Version/s: 6.0.0
    • Component/s: oauth2

      Description

      Because of COMMONS-143, we are restricted in our signing algorithm choice. The only RS algorithm available today is RS256. A reasonable expectation from AM would be to use a different RS algorithm, like RS512.

      edit:
      The current OAuth2 provider settings do not offer the possibility to specify the algorithms to use for RS signing.

      What we currently have is the following:

      "Token Signing RSA public/private key pair" : "test"
      "Token Signing ECDSA public/private key pair alias" : "ES512|test", "ES256|test", "ES384|test"

      For "Token Signing RSA public/private key pair", OpenAM doesn't enforce the algorithm to use. It is then hard-coded to RS256 in the AM code.

      We may want to do the same for RSA for consistency and code re-usability. Customers would be able to have more than one key for RSA.


              People

              • Assignee:
                phillcunnington Phill Cunnington
                Reporter:
                quentin.castel Quentin CASTEL [X] (Inactive)