[
https://issues.apache.org/jira/browse/SYNCOPE-1936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francesco Chicchiriccò updated SYNCOPE-1936:
--------------------------------------------
Description:
The current OIDC JWKS generator is generating only for {{SIGNATURE}} and
{{CURRENT}}.
Since no {{ENCRYPTION}} nor {{FUTURE}} keys are generated, this is causing
malfunctions to both encryption and
[rotation|https://apereo.github.io/cas/7.3.x/authentication/OIDC-Authentication-JWKS-Rotation.html#jwks-rotation---openid-connect-authentication].
was:
JWKS with key to be used for encryption cannot be generated.
The expected use of the keys to be generated cannot be specified so a single
signing key is provided and added to the JWKS.
You can find confirmation by looking into OIDCJWKSDataBinderImpl where just
KeyUse.SIGNATURE is handled.
This is a big problem for WA, which currently cannot encrypt JWTs, consequently
limiting some functions such as OIDC.
Issue Type: Bug (was: Improvement)
Summary: WA: only SIGNATURE and CURRENT keys generated for OIDC (was:
Cannot be generated JWKS with enc key inside)
> WA: only SIGNATURE and CURRENT keys generated for OIDC
> ------------------------------------------------------
>
> Key: SYNCOPE-1936
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1936
> Project: Syncope
> Issue Type: Bug
> Components: core, wa
> Affects Versions: 3.0.15, 4.0.3
> Reporter: Fabio Martelli
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 3.0.16, 4.0.4, 4.1.0
>
>
> The current OIDC JWKS generator is generating only for {{SIGNATURE}} and
> {{CURRENT}}.
> Since no {{ENCRYPTION}} nor {{FUTURE}} keys are generated, this is causing
> malfunctions to both encryption and
> [rotation|https://apereo.github.io/cas/7.3.x/authentication/OIDC-Authentication-JWKS-Rotation.html#jwks-rotation---openid-connect-authentication].