search

IdentityServer / IdentityServer4

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
https://identityserver.io
Apache License 2.0
9.23k stars 4.02k forks source link

I'm unable to fetch CNF value in the Token. My Identity Model package version 5.1.0age is #5425

Closed syedparveez closed 2 years ago

syedparveez commented 2 years ago

I'm testing mTLS with the latest version of IdentityServer4 (straight from the repository). I've configured a client on the test site to use/require mTLS and this works perfectly. (I've verified that I cannot get a token without the client certificate I've configured.)

However, when I look at the JWT token that the server returns, there seems to be a problem with the cnf claim. According to the mTLS specification (RFC8705), the cnf claim should have a property "x5t#S256" that holds the hash of the certificate that was used when the token was requested. However, this is the (unpacked) token I got from IdentityServer4:

{ "alg": "RS256", "kid": "BD55BCDFD7DC43A6BACD426E6EC1E18AEC3CE375RS256", "typ": "at+jwt", "x5t": "vVW839fcQ6a6zUJubsHhiuw843U" } { "nbf": 1586950818, "exp": 1586951418, "iss": "https://localhost:44365", "client_id": "secure_client", "sub": "88421113", "auth_time": 1586947791, "idp": "local", "jti": "7CC98784B028BC9B707F5359CB21353B", "sid": "3CD31E0C8B6054ED80EAC2095EBB1335", "scope": [ "IdentityServerApi", "offline_access" ], "amr": [ "pwd" ], "cnf": { "x5t#S256": [] } }

I did refer the below link, But I'm using Identity Model package version 5.1.0 but I still don't receive the CNF value. https://github.com/IdentityServer/IdentityServer4/issues/4285

Thanks

syedparveez commented 2 years ago

@pieterphilippaerts, @leastprivilege

leastprivilege commented 2 years ago

Important update

This organization is not maintained anymore besides critical security bugfixes (if feasible). This organization will be archived when .NET Core 3.1 end of support is reached (3rd Dec 2022). All new development is happening in the new Duende Software organization.

The new Duende IdentityServer comes with a commercial license but is free for dev/testing/personal projects and companies or individuals making less than 1M USD gross annnual revenue. Please get in touch with us if you have any question.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.