Hriday Tiwari

Reputation: 1

OAM 12c OAuth Access token validation

I am trying to set up OAM 12c for implementing OAuth with the default setup. Seeking your help to resolve a signature-related issue.

Issue - Caused by: java.security.SignatureException: Signature length not correct: got 256 but was expecting 128

Use Case – Locally validating OAM 12c Access Token by using OAM Certificates for implementing OAuth (2 leg flow)

Description - OSB (Oracle Service Bus) is an Oracle product to implement REST services and secure services using the OWSM product. A UI application (for simulation we are using SOAP UI) will call this REST service and pass the JWT token as a Bearer token (token generated by calling the OAM 12c REST API). OSB should validate the token using the certificates of OAM.

Steps performed -

1. Imported the OAM certificates (under fmwconfig/defaultkeystore, alias orakey) in the OWSM default key store; as per Oracle documentation it should validate the incoming JWT access token locally using OAM certificates.
2. Created Identity Domain, Resource Server and Client using the OAM API.
3. Created a token by calling the OAM API.
4. Passed this token to the OSB REST API.
5. Token validation failed with the below exception in the OSB logs.

The exception we are receiving is –

Caused by: java.security.SignatureException: Signature length not correct: got 256 but was expecting 128
              at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
              at java.security.Signature$Delegate.engineVerify(Signature.java:1219)
              at java.security.Signature.verify(Signature.java:652)
              at oracle.security.restsec.jwt.JwtToken.verify(JwtToken.java:1558)

I have verified that the token generated at OAM 12c is RSA256 with an RSASHA256 signature, but it looks like OSB (12.2.1.3.0) is unable to consume it. Please let me know your inputs and help resolve this.

Upvotes: 0

Views: 2506

Answers (1)

Mayank Maria

Reputation: 156

It looks to me that the problem lies in using an incorrect certificate for signature validation.

In OAM 12c, every OAuth Domain created has its own set of public-private key pair (certificates). These certificates are not stored under fmwconfig/defaultkeystore alias orakey.

On the latest 12cPS3 bundle patch, try the following URL to fetch the OAuth domain certificate.

curl -X GET "http://{managed server host}:{managed server port}/oauth2/rest/security" -H 'authorization: Basic ...' -H 'X-OAUTH-IDENTITY-DOMAIN-NAME: <OAuth Domain Name>'

where the Basic authorization header contains the Base64-encoded "OAuth Client ID:password".

The response will follow the JSON Web Key specification, i.e. RFC 7517.

Upvotes: 0
