Oracle Access Manager (OAM) 12c: x5t And x5t#S256 Digests For /oauth2/rest/security Have Trailing Padding Characters
(Doc ID 2931531.1)
Last updated on AUGUST 02, 2024
Applies to:
Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.
Symptoms
The output of REST endpoint /oauth2/rest/security is not compliant with RFC 7515 for "x5t" and "x5t#S256" digests because they have trailing "=" characters.
As per RFC 7515:
=> The "x5t" (X.509 certificate SHA-1 thumbprint) Header Parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate [RFC5280] corresponding to the key used to digitally sign the JWS.
=> The "x5t#S256" (X.509 certificate SHA-256 thumbprint) Header Parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate [RFC5280] corresponding to the key used to digitally sign the JWS.
=> Base64url encoding using the URL- and filename-safe character set defined in Section 5 of RFC 4648 [RFC4648], with all trailing '=' characters OMITTED and without the inclusion of any line breaks, whitespace, or other additional characters.
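A consumer-side check for the RFC 7515 requirements quoted above, as an added example that is not Oracle's code and not part of the original note. It assumes each key returned by the endpoint is a JWK object that may carry `x5c` alongside the thumbprints; the sample keys and the placeholder "certificate" bytes are constructed.

```python
import base64
import hashlib
import re

B64URL_NOPAD = re.compile(r"^[A-Za-z0-9_-]+$")
# JWK member -> (hash name, digest length in bytes)
THUMBPRINTS = {"x5t": ("sha1", 20), "x5t#S256": ("sha256", 32)}


def thumbprint(der: bytes, algo: str) -> str:
    """RFC 7515 form: base64url of the digest with trailing '=' removed."""
    digest = hashlib.new(algo, der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_jwk(jwk: dict) -> list:
    """Return a list of findings for the x5t / x5t#S256 members of one JWK."""
    findings = []
    # x5c[0] is the standard-base64 DER certificate for the key, if published.
    der = base64.b64decode(jwk["x5c"][0]) if jwk.get("x5c") else None
    for member, (algo, size) in THUMBPRINTS.items():
        value = jwk.get(member)
        if value is None:
            continue
        stripped = value.rstrip("=")
        if stripped != value:
            findings.append(f"{member}: trailing '=' padding")
        if not B64URL_NOPAD.match(stripped):
            findings.append(f"{member}: not base64url")
            continue
        raw = base64.urlsafe_b64decode(stripped + "=" * (-len(stripped) % 4))
        if len(raw) != size:
            findings.append(f"{member}: {len(raw)}-byte digest, expected {size}")
        elif der is not None and stripped != thumbprint(der, algo):
            findings.append(f"{member}: does not match x5c[0]")
    return findings


# Constructed sample: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
PADDED = {  # digests encoded with padding, as in the symptom above
    "kid": "sample", "x5c": [base64.b64encode(SAMPLE_DER).decode()],
    "x5t": base64.urlsafe_b64encode(hashlib.sha1(SAMPLE_DER).digest()).decode(),
    "x5t#S256": base64.urlsafe_b64encode(hashlib.sha256(SAMPLE_DER).digest()).decode(),
}
COMPLIANT = {**PADDED, **{m: thumbprint(SAMPLE_DER, a) for m, (a, _) in THUMBPRINTS.items()}}

if __name__ == "__main__":
    for name, jwk in (("padded", PADDED), ("compliant", COMPLIANT)):
        print(name, check_jwk(jwk))
```

A padded value still decodes to the correct digest, so a client that compares thumbprints as strings should normalise both sides by stripping trailing `=` before comparing rather than treating the key as unknown.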
Test:
Changes
Cause