[OPENAM-15154] Update supported ID token encryption algorithms to include ECDH-ES - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.5.2, 7.0.0
Fix Version/s: 7.0.0
Component/s: OpenID Connect
Labels:
- AME
- Must-Fix
- TESLA

Target Version/s:

7.0.0, 6.5.4

Sprint:
AM 2019.14 - Rotary Mill, AM 2019.15 - Gears

Description

Bug description

The default supported ID token encryption algorithms (OAuth 2 Provider settings > OpenID Connect) does not list any of the ECDH-ES algorithms, but we do actually support these since the secrets API work. This means that the OIDC discovery document will not list support for these algorithms by default.

How to reproduce the issue

Look at the default supported encryption algorithms

Expected behaviour

Should list:

RSA1_5, RSA-OAEP, RSA-OAEP-256
dir, A128KW, A192KW, A256KW
ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW

Current behaviour

RSA1_5, RSA-OAEP, RSA-OAEP-256
dir, A128KW, A192KW, A256KW

Work around

Manually add the ECDH algorithms to the list.

Code analysis

Config update required

Attachments

Issue Links

is documented by

OPENAM-15151 OIDC encryption documentation is missing ECDH-ES support

Resolved

Activity

People

Assignee:

Kajetan Hemzaczek

Reporter:

Neil Madden

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

02/Jul/19 12:15 PM

Updated:

20/May/20 1:26 PM

Resolved:

24/Oct/19 3:36 PM