The current subjects condition within an authorization policy provides the ability to check claims presented within a JWT/OpenID id_token. This condition, however, does not verify the signature of the token, and there is no facility to enter the cryptographic details needed to do so.
Ideally, this condition should provide an option to enter HMAC or RSA signing details in order to verify the token presented. Public key material could be alias-based, assuming the 3rd-party certificate was imported into the OpenAM key store. The HMAC shared secret could be a free-form field.
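The difference between a claims-only check and one that verifies an HMAC (HS256) signature first, as an added standalone Node.js example; it is not OpenAM code and not the scripted condition mentioned on this page. The function names, shared secret and tokens are constructed for illustration.

```javascript
// Added illustration: standalone Node.js, not an OpenAM policy script.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Constructed helper, used only to build sample tokens for this example.
function signHS256(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const mac = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(mac)}`;
}

// What a claims-only check amounts to: decode the payload and compare.
function claimsOnlyCheck(token, name, expected) {
  const claims = JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
  return claims[name] === expected;
}

// Verify the HS256 signature first, then evaluate the claim.
function verifiedClaimCheck(token, secret, name, expected) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  } catch (e) {
    return false;
  }
  // Pin the algorithm in configuration; never take it from the token itself.
  if (header.alg !== 'HS256') return false;
  const expectedMac = crypto.createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
  const presentedMac = Buffer.from(parts[2], 'base64url');
  // timingSafeEqual throws on length mismatch, so check the length first.
  if (presentedMac.length !== expectedMac.length) return false;
  if (!crypto.timingSafeEqual(presentedMac, expectedMac)) return false;
  return claimsOnlyCheck(token, name, expected);
}

// Constructed sample data.
const SECRET = 'constructed-shared-secret';
const genuine = signHS256({ sub: 'alice', role: 'user' }, SECRET);
// Same header and signature as the genuine token, payload changed after signing.
const [h, , s] = genuine.split('.');
const tampered = `${h}.${b64url(JSON.stringify({ sub: 'alice', role: 'admin' }))}.${s}`;
```

The claims-only check accepts both tokens, while the verified check accepts only the one whose signature matches the payload.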
Currently this can only be handled via a scripted condition as written up here: