The_Crazy
3 Posts

Pinned topic Verifying LTPA Token Signature

2014-01-10T14:53:00Z

Hello,

Does anyone know how to verify the signature of the LTPA token? I need to know the format of the LTPA public key to be able to create the RSAPublicKeySpec.

Any help on the format of the public key, please let me know.

Cheers

  • GJ215Garry
    1 Post

    Re: Verifying LTPA Token Signature

    ‏2015-03-07T15:45:22Z  

    Good question, I can't find any information on this. I'm also not sure of the value of verifying the signature. What is your reasoning?

  • The_Crazy
    3 Posts

    Re: Verifying LTPA Token Signature

    ‏2015-03-08T01:32:43Z  

    All good now. I can do everything with the token.

    If the secret key is compromised, which is likely as it is distributed to other apps verifying the token in an SSO environment, then the signature is the only way you can guarantee that the token is valid.

    Anyone can re-compose the token to impersonate anyone else and put some rubbish instead of the signature. If your app couldn't verify it then impersonation would be successful as the key would be valid.
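
The point made in the last reply, as an added example that is not code from the thread or from IBM: a verifier that holds only the shared secret accepts a re-composed token, while one that also checks the issuer's RSA signature rejects it. The token layout, the AES-GCM and SHA256withRSA choices, and the names `SignedTokenDemo`, `seal` and `verify` are assumptions for illustration; this is not the LTPA wire format or key-file format.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SignedTokenDemo {
    // Constructed layout, not LTPA's: iv(12) || AES-GCM("body%base64(RSA signature over body)").
    static byte[] aes(int mode, SecretKey k, byte[] iv, byte[] in, int off) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, k, new GCMParameterSpec(128, iv, 0, 12)); // IV = first 12 bytes of iv[]
        return c.doFinal(in, off, in.length - off);
    }
    static byte[] seal(SecretKey k, String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] ct = aes(Cipher.ENCRYPT_MODE, k, iv, plain.getBytes(StandardCharsets.UTF_8), 0);
        return ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array();
    }
    // Returns the body only when the issuer's RSA signature over it verifies.
    static String verify(SecretKey k, PublicKey pub, byte[] token) throws Exception {
        String plain = new String(aes(Cipher.DECRYPT_MODE, k, token, token, 12), StandardCharsets.UTF_8);
        int i = plain.lastIndexOf('%');
        if (i < 0) throw new SignatureException("no signature field");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(plain.substring(0, i).getBytes(StandardCharsets.UTF_8));
        try {
            if (s.verify(Base64.getDecoder().decode(plain.substring(i + 1)))) return plain.substring(0, i);
        } catch (IllegalArgumentException | SignatureException e) { /* malformed signature: reject */ }
        throw new SignatureException("signature does not match body");
    }
    public static void main(String[] args) throws Exception {
        KeyPair issuer = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed sample keys
        SecretKey shared = KeyGenerator.getInstance("AES").generateKey();       // held by every SSO app
        RSAPublicKey p = (RSAPublicKey) issuer.getPublic(); // a verifier needs only modulus and exponent
        PublicKey pub = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(p.getModulus(), p.getPublicExponent()));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(issuer.getPrivate());
        s.update("user=alice".getBytes(StandardCharsets.UTF_8));
        byte[] good = seal(shared, "user=alice%" + Base64.getEncoder().encodeToString(s.sign()));
        byte[] forged = seal(shared, "user=admin%cnViYmlzaA=="); // shared key only, junk signature
        System.out.println("genuine -> " + verify(shared, pub, good));
        try { verify(shared, pub, forged); } catch (SignatureException e) { System.out.println("forged  -> rejected"); }
    }
}
```

The forged token decrypts cleanly under the shared key, so a check that stops at decryption would accept `user=admin`; only the signature check ties the body to the issuer's private key.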