JWKS

The JSON Web Key Set (JWKS) is a set of keys containing the public keys that should be used to verify any JSON Web Token (JWT) that is issued by an authorization server and signed using the RSA or ECDSA algorithms. WebSEAL has a built-in application that provides a JWKS endpoint, which makes the local JWKS available to a caller. To enable this application, complete the following steps:

  1. Define the ‘jwks’ application within the ‘[local-apps]’ configuration stanza. For example:
    [local-apps]
    jwks = jwks.json

  2. Update the IBM ISAM authorization policy so that unauthenticated access is allowed to the JWKS resource.

For more information, see Embedded Applications.
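
A caller that consumes the JWKS endpoint has to pick the right public key for each token before it checks the signature. The following added example (not IBM's or WebSEAL's code) shows that key-selection step for RSA and ECDSA tokens; the sample JWKS, the `kid` values and all function names are constructed for illustration, and the signature check itself is left to a JOSE library.

```python
import base64
import json

# The page names RSA and ECDSA signatures; each alg maps to the JWK "kty" it needs.
ALG_TO_KTY = {"RS256": "RSA", "RS384": "RSA", "RS512": "RSA",
              "ES256": "EC", "ES384": "EC", "ES512": "EC"}

# Constructed sample JWKS; key values are placeholders, not real keys.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "rsa-1", "use": "sig", "alg": "RS256", "n": "AQAB", "e": "AQAB"},
    {"kty": "EC", "kid": "ec-1", "use": "sig", "crv": "P-256", "x": "AA", "y": "AA"},
]}


def b64url_decode(segment):
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(header):
    """Build a constructed token for the demo; only its header is inspected."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(b"{}"), enc(b"sig")])


def select_verification_key(jwt, jwks):
    """Return the single JWK that must verify `jwt`, or raise ValueError."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JWT header is not a JSON object")
    alg, kid = header.get("alg"), header.get("kid")
    # Allow-list: rejects "none", HMAC and anything outside RSA/ECDSA.
    if not isinstance(alg, str) or alg not in ALG_TO_KTY:
        raise ValueError(f"unsupported alg: {alg!r}")
    matches = [k for k in jwks.get("keys", []) if kid and k.get("kid") == kid]
    if len(matches) != 1:
        raise ValueError(f"need exactly one key for kid {kid!r}")
    key = matches[0]
    # Key type and declared use/alg must agree with the token header.
    if key.get("kty") != ALG_TO_KTY[alg]:
        raise ValueError("key type does not match token alg")
    if key.get("use", "sig") != "sig" or key.get("alg", alg) != alg:
        raise ValueError("key not designated for this signature algorithm")
    # A published JWKS holds public keys only; "d" is private material.
    if "d" in key:
        raise ValueError("JWKS entry contains private key material")
    return key
```

The returned JWK is what a JOSE library then uses to verify the token's signature; a token that raises `ValueError` here is rejected before any cryptographic work is done.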
