Hi, Currently in order to validate the signature of a JWT in [1] we retrieve the correct certificate using the "*alias*" parameter passed on to the login module.
How is this value set in a real example? I mean how do we really decide which IDP issued the JWT to pick the correct alias for the module to do the signature validation? [1] https://github.com/wso2-extensions/carbon-security-login-module-jwt/blob/master/components/src/main/java/org/wso2/carbon/security/caas/module/jwt/JWTLoginModule.java Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com lean.enterprise.middleware Email: farasa...@wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
