Skip to content
CA API Gateway - 9.3
Documentation powered by DocOps

Create JSON Web Key Assertion

Last update May 28, 2018

The Create JSON Web Key Assertion creates a JSON Web Key Set (JWKS) using private keys that you specify.

Example of a JSON Web Key Set:

  "keys" : [ { 
  "kty" : "RSA", 
  "kid" : "1", 
  "use" : "sig",  
  "n" : "k9-F-fE4RWeyvErnyQhdbGO-468-UYq9uoEmxZFWLe6oZ0mdDXc9RSSfNpvA0cqu_JcqMPjQkKVKLKpvuYPj4ytX4jPEbfYB0A01FAxnD5efA-6rZ  
  "e" : "AQAB" 
} ]

The output of this assertion is always in the JWKS structure and is wrapped in the 'keys' JSON member.

Note: (1) The JWKS produced by this assertion contains only public key information. It does not include any private key or symmetric key information. As a result, this output cannot be used to sign a JWT token in the Encode JSON Web Token Assertion. It also cannot decrypt a JWT token in the Decode JSON Web Token Assertion. It can be used to encrypt a JWT token or validate a JWT token signature. (2) This assertion always creates a JSON Web Key Set, even if it comprises only a single JSON Web Key.


Context Variables

The JSON Web Key is stored in a variable named ${<output_variable>}, where "<output_variable>" is set in the Output Variable field of the assertion properties.

Cluster Properties

None for this assertion directly.

Related: See jwt.showAllAlgorithms under "Cluster Properties" in Encode JSON Web Token Assertion.

Assertion Properties

Setting What You Should Know
JSON Web Key

Use the Add, Edit, and Delete controls to assemble the list of JSON Web Keys that comprise the JSON Web Key Set.

When adding or editing, complete the following fields in the Key Information Dialog. When deleting, the entry is removed immediately with no further confirmation. 

Recipient Public Key

 Select a key from the keystore to include in the JSON Web Key Set.

Tip: The keys displayed in the drop-down list are defined by the Manage Private Keys task. If the key you want is not listed, define it through that task first.

Key ID

Enter the ID of the key to use. You can enter the actual ID or can specify a context variable.

Tip: You can use the Generate UUID Assertion to create unique identifiers.

Key Usage

 Specify the intent of the key: Encryption or Signature.

Tip: If you choose 'Signature', note that the JWKS only contains public key information. It is not suitable for signing JSON Web Tokens. However it is suitable for validating a JSON Web Token signature.

Was this helpful?

Please log in to post comments.