Need to use HS256 algorithm for sign with Jason Web Token (JWT)
Hi,
We need to integrate with external system from Pega 7.3.1 using Jason Web Token (JWT). In Pega Token Profile (DATA-ADMIN-SECURITY-TOKEN) instance, we can only select asymmetric algorithm attached below:
Customer's requirement is HS256 - that is one of a symmetric algorithm and that is a must. Is it possible to easily make it available? If it is not provided out-of-the-box, I need to know how we can custom build. Please let me know.
Thanks,
I also had the same problem as a external service required a HMac signed token. It's already time ago whe this quetion has been raised, but for the sec of somebody needs a complete solution.
This is a complete code which you can copy into a function rule and is should work immediately.
You need to include the following packages in your library which you will use for the fuction rule:
java.util.*
com.nimbusds.jwt.*
com.nimbusds.jose.*
com.nimbusds.jose.crypto.*
/* Code Block START*/
JWSObject signedJWT = null;
try{
// Create the JSON JWT Header
JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
// add expiration time (in milliseconds)
long expL = new Date().getTime();
expL = expL+90000;
// Create the JSON JWT Payload
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
.subject("/your Subject")
.expirationTime(new Date(expL))
.issueTime(new Date())
.issuer("yourIssuer")
.jwtID(key)
.claim("uid", "some claims you want") // append as much as you want before calling build(), like .claim("","").claim("","") as the return is always the builder object.
.build();
signedJWT = new SignedJWT( header, claimsSet );
// Sign with the HS256 key passed as the string parameter
signedJWT.sign( new MACSigner(key.getBytes()) );
}
catch ( Exception e )
{
oLog.infoForced("CustomUtils generate Token with HMac: " + e.getMessage() );
return "";
}
return signedJWT.serialize();
/* Code Block END*/
Hi Wilhelm,
We have some issue with OpenId connect rule for SSO, the current implementation(import metadata) will support RS256, but we need to pass HS256.
Do you know which function(OOTB) i need to put the above code to make SSO works?
Regards,
Anandh
You may try writing a custom java code in pyInvokeRest connector and implement the HS256 API’s from https://connect2id.com/products/nimbus-jose-jwt .
JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.HS256),
new Payload("Hello, world!"));
// We need a 256-bit key for HS256 which must be pre-shared
byte[] sharedKey = new byte[32];
new SecureRandom().nextBytes(sharedKey);
// Apply the HMAC to the JWS object
jwsObject.sign(new MACSigner(sharedKey));
// Output to URL-safe format
jwsObject.serialize();
Thanks,
Arun