[jboss-jira] [JBoss JIRA] (WFLY-12951) JWT signed by 1024 bit long key is rejected
Darran Lofthouse (Jira)
issues at jboss.org
Thu Jan 9 11:24:00 EST 2020
[ https://issues.redhat.com/browse/WFLY-12951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13945030#comment-13945030 ]
Darran Lofthouse commented on WFLY-12951:
-----------------------------------------
As discussed within WFWIP-288 there is an ambiguity in the spec where MP JWT requires a specific signature algorithm and subsequently specifies using a key size too small for that algorithm. This WFLY issue is to track this so we can follow up on the next iteration of spec development.
> JWT signed by 1024 bit long key is rejected
> -------------------------------------------
>
> Key: WFLY-12951
> URL: https://issues.redhat.com/browse/WFLY-12951
> Project: WildFly
> Issue Type: Bug
> Components: MP JWT
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
>
> According to the MP-JWT 1.1 specification, 1024 and 2048 bit key sizes must be supported. Though when a JWT signed by a 1024-bit-long key is presented to the server, it is rejected and the client receives an "Unauthorized" (code 401) message.
> See chapter 9.2. Supported Public Key Formats:
> {quote}
> Support for RSA Public Keys of 1024 or 2048 bits in length is required. Other key sizes are allowed, but should be considered vendor-specific.
> {quote}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)