Liberty Repository [8.5.5.4 or later]
This topic applies to WebSphere Application Server Liberty V8.5.5.9 and earlier. For the latest Liberty topics, see the WebSphere Application Server Liberty documentation.

Configuring an OpenID Connect Provider to use the RSA-SHA256 algorithm for signing of ID tokens

You can configure an OpenID Connect Provider to use the RS256 algorithm for the signing of ID tokens.

About this task

You can configure an OpenID Connect Provider to sign ID tokens with the RSA-SHA256 (RS256) signature algorithm by setting the signatureAlgorithm attribute to RS256 and configuring a keystore that contains the RSA private key used for signing.

Procedure

  1. In the server.xml file, create a keyStore element that refers to the physical keystore that contains the RSA private key used for RSA-SHA256 signing. The password can be stored in server.xml in encoded form (produced with the securityUtility encode command) rather than as clear text. For example:
    <keyStore id="opTestKeyStore" location="${server.config.dir}/opKeyStore.jks" type="JKS" password="keystorePwd" />
  2. Set the signatureAlgorithm attribute of the openidConnectProvider element to RS256, set the keyStoreRef attribute to the id value of the keyStore element that you created in step 1, and set the keyAliasName attribute to the alias of the private key in that keystore. Setting keyStoreRef is optional if the id of the keyStore element from step 1 is opKeyStore. For example:
    <openidConnectProvider id="OAuthConfigSample" oauthProviderRef="OAuthConfigSample" signatureAlgorithm="RS256" keyStoreRef="opTestKeyStore" keyAliasName="myOpKeyAlias" />
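The configuration above makes the provider emit ID tokens whose JOSE header carries alg=RS256 and whose signature is RSASSA-PKCS1-v1_5 over SHA-256 with the private key from the keystore. The following is an added example, not code from Liberty or from this topic, that shows both halves of that contract in pure Python (no third-party libraries): minting such a token with a generated RSA key, and the checks a relying party should apply when it receives one. The key generation, the issuer and client values, and the use of the keyAliasName value (myOpKeyAlias) as the header kid are constructed for the demo; Liberty loads the key from the configured keystore and the example makes no claim about which kid Liberty emits. The 1024-bit key keeps the demo fast; a real provider key should be at least 2048 bits. The security point on the verifying side is that the expected algorithm is pinned to RS256 before the signature is examined, so tokens with alg=none or an HS256 key-confusion signature are rejected outright.

```python
import base64
import hashlib
import hmac
import json
import math
import secrets
import time

# --- Constructed demo RSA key (a real OP loads its key from the configured keystore) ---

def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (demo-only key generation)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_rsa_keypair(bits=1024):
    """Return (n, e, d). 1024 bits is for demo speed only; use >= 2048 bits for a real OP key."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and math.gcd(e, phi) == 1:
            return n, e, pow(e, -1, phi)

# --- RS256 = RSASSA-PKCS1-v1_5 over SHA-256 (RFC 8017 section 8.2, RFC 7518 section 3.3) ---

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# DER prefix of DigestInfo for SHA-256 (RFC 8017 section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_sign(signing_input: bytes, n: int, d: int) -> bytes:
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(signing_input, k), "big"), d, n).to_bytes(k, "big")

def rs256_verify(signing_input: bytes, signature: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15(signing_input, k))

def mint_id_token(claims: dict, n: int, d: int, kid: str) -> str:
    """What an RS256-configured OP emits: base64url(header).base64url(claims).base64url(signature)."""
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}  # kid value is an assumption of the demo
    signing_input = ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, claims))
    return signing_input + "." + b64url(rs256_sign(signing_input.encode(), n, d))

def verify_id_token(token: str, n: int, e: int, issuer: str, audience: str, now=None) -> dict:
    """Relying-party check: pin alg to RS256 *before* touching the signature, then iss/aud/exp."""
    header_b64, payload_b64, sig_b64 = token.split(".")  # ValueError if not three parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "RS256":  # rejects alg=none and HS256 key-confusion tokens
        raise ValueError("unexpected alg %r" % header.get("alg"))
    if not rs256_verify((header_b64 + "." + payload_b64).encode(), b64url_decode(sig_b64), n, e):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def id_token_accepted(token, n, e, issuer, audience, now=None) -> bool:
    """Boolean wrapper around verify_id_token (decoding and JSON errors are ValueError subclasses)."""
    try:
        verify_id_token(token, n, e, issuer, audience, now)
        return True
    except ValueError:
        return False
```

Usage: generate a key pair, mint a token for a constructed claim set such as {"iss": "https://op.example.com", "sub": "alice", "aud": "OAuthConfigSample", "exp": ...}, and pass it to verify_id_token with the public (n, e); a token whose header is rewritten to alg=none, whose payload is altered, or which was signed by a different key is rejected by id_token_accepted. A production relying party obtains (n, e) from the provider's JWK Set rather than from a value generated locally.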

Results

You have now configured an OpenID Connect Provider for signing ID tokens with RSA-SHA256.




Last updated: Tuesday, 12 December 2017
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-libcore-mp&topic=twlp_config_oidc_rs256
File name: twlp_config_oidc_rs256.html