For signature validation of JWTs, you need to add the public certificate of the Identity Provider to the truststore of the API Microgateway. Follow the steps given below to import the certificate.
1. Convert the public certificate to a PEM format. For example,

    openssl x509 -inform der -in public_certificate.cert -out certificate.pem

2. Import the certificate to the truststore. The ballerinaTruststore.p12 resides in the generated distribution of the API Microgateway at <MICROGW_HOME>/runtime/bre/security.

    keytool -import -keystore <MICROGW_HOME>/runtime/bre/security/ballerinaTruststore.p12 -alias wso2carbonjwt -file certificate.pem

   Use the keytool that comes in JDK 8u60 or later.

3. Update the certificateAlias configuration in the micro-gw.conf file residing in the <MICROGW_HOME>/conf directory. The certificateAlias value is wso2carbonjwt, which is also used in step 2.

    [jwtTokenConfig]
    issuer="https://localhost:8243/token"
    audience="http://org.wso2.apimgt/gateway"
    certificateAlias="wso2carbonjwt"
    trustStore.path="${ballerina.home}/bre/security/ballerinaTruststore.p12"
    trustStore.password="ballerina"
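A mismatch between the alias imported in step 2 and the certificateAlias in micro-gw.conf makes every JWT fail signature validation, so it is worth checking after the import. The script below is an added example, not part of the WSO2 documentation or distribution. The function names are hypothetical, and it assumes that ${ballerina.home} resolves to <MICROGW_HOME>/runtime (inferred from the two paths shown above) and that each setting sits on its own line.

```shell
#!/bin/sh
# Added example (not WSO2 code): confirm the certificateAlias configured in
# micro-gw.conf is actually present in the truststore it points to.
# Usage after sourcing this file: check_alias /path/to/<MICROGW_HOME>

# conf_value SECTION KEY FILE -> unquoted value of KEY inside [SECTION]
conf_value() {
    awk -v section="[$1]" -v key="$2" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_section = ($0 == section); next }
        in_section {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*=/) next   # key is only a prefix of a longer name
            sub(/^[ \t]*=[ \t]*/, "", rest)
            gsub(/^"|"[ \t]*$/, "", rest)
            print rest
            exit
        }
    ' "$3"
}

# resolve_path VALUE MICROGW_HOME -> VALUE with ${ballerina.home} expanded.
# Assumption: ${ballerina.home} is <MICROGW_HOME>/runtime.
resolve_path() {
    printf '%s\n' "$1" | sed 's|^\${ballerina\.home}|'"$2"'/runtime|'
}

# check_alias MICROGW_HOME -> 0 if the configured alias is in the truststore,
# 1 if it is missing, 2 if the configuration cannot be read.
check_alias() {
    conf="$1/conf/micro-gw.conf"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    alias_name=$(conf_value jwtTokenConfig certificateAlias "$conf")
    store=$(resolve_path "$(conf_value jwtTokenConfig trustStore.path "$conf")" "$1")
    pass=$(conf_value jwtTokenConfig trustStore.password "$conf")
    [ -n "$alias_name" ] || { echo "certificateAlias not set in $conf" >&2; return 2; }
    # -storepass:env keeps the truststore password out of the process list.
    TS_PASS="$pass" keytool -list -keystore "$store" -storetype PKCS12 \
        -storepass:env TS_PASS -alias "$alias_name" >/dev/null 2>&1 \
        || { echo "alias '$alias_name' not found in $store" >&2; return 1; }
    echo "alias '$alias_name' present in $store"
}
```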