[HS256] Use HS256 rather than RS256 for Id Token Signature - keycloak-user - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

[HS256] Use HS256 rather than RS256 for Id Token Signature

Integrate with WebLogic?

Re: [keycloak-user] Different...

FOUTREIN Thomas

Tuesday, 16 January 2018 Tue, 16 Jan '18

10:42 a.m.

Hello, I m trying to connect our keycloak instance with France Connect (the french public openid connect platform) But France Connect doesn't accept Id Token signed with RSA key , it only accept HS256 with a shared secret to verify the signature I tried to desactivate in my Realm the RSA Provider , but this has no effect on the Token generated (always RS256) Do you have a simple solution for that ? thanks in advance Thomas

Reply

Show replies by date

Marek Posolda

Thursday, 18 January Thu, 18 Jan

3:34 a.m.

We don't support anything beyond the RS256 for sign ID tokens. OpenID Connect has a way that allow every client to specify signature algorithm - parameter "id_token_signed_response_alg" described in the specs [1] . But we don't have support for this ATM. Feel free to create JIRA (but it probably won't have very big priority). [1] http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata Marek On 16/01/18 17:42, FOUTREIN Thomas wrote:

Hello, I m trying to connect our keycloak instance with France Connect (the french public openid connect platform) But France Connect doesn't accept Id Token signed with RSA key , it only accept HS256 with a shared secret to verify the signature I tried to desactivate in my Realm the RSA Provider , but this has no effect on the Token generated (always RS256) Do you have a simple solution for that ? thanks in advance Thomas _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Reply

FOUTREIN Thomas

3:46 a.m.

Hi , Ok , thank you very much for your response Thomas ________________________________________ De : Marek Posolda <mposolda(a)redhat.com> Envoyé : jeudi 18 janvier 2018 10:34 À : FOUTREIN Thomas; keycloak-user Cc : JACQUEMART Olivier Objet : Re: [keycloak-user] [HS256] Use HS256 rather than RS256 for Id Token Signature We don't support anything beyond the RS256 for sign ID tokens. OpenID Connect has a way that allow every client to specify signature algorithm - parameter "id_token_signed_response_alg" described in the specs [1] . But we don't have support for this ATM. Feel free to create JIRA (but it probably won't have very big priority). [1] http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata Marek On 16/01/18 17:42, FOUTREIN Thomas wrote:

Hello, I m trying to connect our keycloak instance with France Connect (the french public openid connect platform) But France Connect doesn't accept Id Token signed with RSA key , it only accept HS256 with a shared secret to verify the signature I tried to desactivate in my Realm the RSA Provider , but this has no effect on the Token generated (always RS256) Do you have a simple solution for that ? thanks in advance Thomas _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Reply

2315

days inactive

2317

days old

keycloak-user@lists.jboss.org

Manage subscription

2 comments

2 participants

tags (0)

participants (2)

FOUTREIN Thomas
Marek Posolda