...
- Extract the payload (the second segment of the JWT). Decode it with `base64` and explore the JSON with `jq`. The segment is Base64URL-encoded, so the `-` and `_` characters are first translated back to `+` and `/`:

```bash
echo '<Base64URL-encoded payload>' | tr '_-' '/+' | base64 -d | jq
```

  Note that `base64 -d` decodes; plain `base64` (without `-d`) would encode the input a second time. Base64URL also omits the trailing `=` padding, so if `base64` reports invalid input, append `=` characters until the segment length is a multiple of 4 before decoding.
Validating Metadata Signatures:
...
Fetching and Validating Trust Marks:
Trust Marks are also represented as JWTs and must be validated before use. The validation process aligns with the steps outlined in Validating Metadata Signatures:
Fetch the Trust Mark Issuer’s Metadata:
- Retrieve the Entity Configuration Document of the Trust Mark Issuer from its `/.well-known/openid-federation` endpoint.
- Follow the steps in Validating Metadata Signatures to decode and validate the metadata and obtain the issuer's public keys (`jwks`, `jwks_uri`, or `signed_jwks_uri`).
- Where the issuer also publishes its keys directly under `/.well-known/jwks.json`, they can be fetched with curl, for example:

```bash
curl https://openidfed-test-1.sunet.se:6001/.well-known/jwks.json
```

  Keys fetched this way are not federation-signed, so cross-check them against the keys in the validated Entity Configuration before relying on them.
Validate the Trust Mark:
- Use the validated public keys of the Trust Mark Issuer to verify the cryptographic signature of the Trust Mark JWT. Select the key by the `kid` in the JOSE header, check that `alg` is one you expect for that key type, and check that `typ` is `trust-mark+jwt`.
- Confirm that the Trust Mark is valid and applies to the intended entity: `iss` must be the Trust Mark Issuer, `sub` must be the entity being checked, `id` must be the expected Trust Mark identifier, and `exp`, if present, must not have passed.
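The procedure above, carried out end to end as an added example; this is not code from this page or from any OpenID Federation implementation. It is written in Go so that the ES256 signature check is real rather than stubbed. The issuer URL, entity identifier, trust mark identifier, `kid` and key pair are constructed placeholders, and the issuer's JWKS is built in-process by `IssueTrustMark` to stand in for the key set you would obtain from the validated Entity Configuration (or the curl fetch shown earlier). `ValidateTrustMark` pins `alg` and `typ`, looks the `kid` up in the issuer's key set, verifies the signature over `header.payload`, and only then checks `iss`, `sub`, `id` and `exp`:

```go
package main

import (
	"crypto/ecdsa"; "crypto/elliptic"; "crypto/rand"; "crypto/sha256"
	"encoding/base64"; "encoding/json"; "errors"; "fmt"; "math/big"; "strings"; "time"
)

// JWS segments are Base64URL without '=' padding (RFC 7515), hence RawURLEncoding everywhere.
var b64 = base64.RawURLEncoding

// JWK/JWKS model the issuer's published EC P-256 key set; Header/Claims model the trust mark JWT.
type JWK struct {
	Kty string `json:"kty"`; Crv string `json:"crv"`; Kid string `json:"kid"`
	X string `json:"x"`; Y string `json:"y"`
}
type JWKS struct{ Keys []JWK `json:"keys"` }
type Header struct{ Alg string `json:"alg"`; Typ string `json:"typ"`; Kid string `json:"kid"` }
type Claims struct {
	Iss string `json:"iss"`; Sub string `json:"sub"`; ID string `json:"id"`
	Iat int64 `json:"iat"`; Exp int64 `json:"exp,omitempty"`
}

// keyFromJWKS selects the key named by kid and converts its JWK coordinates to an ECDSA public key.
func keyFromJWKS(set JWKS, kid string) (*ecdsa.PublicKey, error) {
	for _, k := range set.Keys {
		if k.Kid != kid { continue }
		if k.Kty != "EC" || k.Crv != "P-256" { return nil, fmt.Errorf("key %q is not an EC P-256 key", kid) }
		xb, errX := b64.DecodeString(k.X)
		yb, errY := b64.DecodeString(k.Y)
		if errX != nil || errY != nil { return nil, errors.New("malformed x/y coordinate in JWK") }
		pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(xb), Y: new(big.Int).SetBytes(yb)}
		if !pub.Curve.IsOnCurve(pub.X, pub.Y) { return nil, errors.New("JWK point is not on P-256") }
		return pub, nil
	}
	return nil, fmt.Errorf("no key with kid %q in issuer JWKS", kid)
}

// ValidateTrustMark verifies a compact trust mark JWT against the issuer's validated JWKS, then confirms it was issued by wantIss, applies to entity wantSub, is trust mark wantID and is unexpired.
func ValidateTrustMark(token string, keys JWKS, wantIss, wantSub, wantID string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 { return nil, errors.New("not a compact JWS: expected header.payload.signature") }
	var hdr Header
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return nil, errors.New("malformed JOSE header")
	}
	// Pin alg and typ before touching any key: the token must not choose its own verification method.
	if hdr.Alg != "ES256" || hdr.Typ != "trust-mark+jwt" {
		return nil, fmt.Errorf("unexpected alg/typ %q/%q", hdr.Alg, hdr.Typ)
	}
	pub, err := keyFromJWKS(keys, hdr.Kid)
	if err != nil { return nil, err }
	// ES256: ECDSA P-256 over SHA-256("header.payload"); the signature segment is raw 32-byte R || 32-byte S.
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 { return nil, errors.New("malformed ES256 signature") }
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("signature does not verify under the issuer's key")
	}
	// Only a verified payload is inspected: issuer, subject entity, trust mark identifier and expiry.
	var c Claims
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, errors.New("malformed payload")
	}
	switch {
	case c.Iss != wantIss:
		return nil, fmt.Errorf("iss %q is not the expected Trust Mark Issuer", c.Iss)
	case c.Sub != wantSub:
		return nil, fmt.Errorf("sub %q is not the intended entity", c.Sub)
	case c.ID != wantID:
		return nil, fmt.Errorf("id %q is not the expected trust mark", c.ID)
	case c.Exp != 0 && !now.Before(time.Unix(c.Exp, 0)):
		return nil, errors.New("trust mark has expired")
	}
	return &c, nil
}

// IssueTrustMark stands in for the Trust Mark Issuer (constructed fixture): it generates a P-256 key, publishes it as a JWKS and signs a trust mark for entity sub.
func IssueTrustMark(iss, sub, id string, exp time.Time) (JWKS, string, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return JWKS{}, "", err }
	coord := func(n *big.Int) string { return b64.EncodeToString(n.FillBytes(make([]byte, 32))) }
	keys := JWKS{Keys: []JWK{{Kty: "EC", Crv: "P-256", Kid: "tmi-key-1", X: coord(priv.X), Y: coord(priv.Y)}}}
	hdr, _ := json.Marshal(Header{Alg: "ES256", Typ: "trust-mark+jwt", Kid: "tmi-key-1"})
	body, _ := json.Marshal(Claims{Iss: iss, Sub: sub, ID: id, Iat: time.Now().Unix(), Exp: exp.Unix()})
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil { return JWKS{}, "", err }
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return keys, input + "." + b64.EncodeToString(sig), nil
}

func main() {
	// Placeholder identifiers; a real check uses the issuer and entity IDs from the federation.
	const iss, sub, id = "https://tmi.example.test", "https://rp.example.test", "https://fed.example.test/tm/member"
	keys, token, err := IssueTrustMark(iss, sub, id, time.Now().Add(time.Hour))
	if err != nil { panic(err) }
	c, err := ValidateTrustMark(token, keys, iss, sub, id, time.Now())
	fmt.Println("genuine trust mark accepted:", err == nil && c != nil)
}
```

The order matters: the header is parsed only to pick `alg`, `typ` and `kid`, the signature is verified before any claim is read, and the `sub`/`id` comparison is against values the verifier already expects rather than values taken from the token. In production the `keys` argument is the key set obtained from the issuer's validated Entity Configuration, and you would add the `alg` values your issuer actually uses (for example RS256) with the matching key conversion.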
Inspecting Decoded JSON:
...