Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Decode Keystone Token in Java


We're evaluating using keystone as an identity service for our Java-based application in an enterprise environment. In doing so we'll need to decode and check the signed token provided by a user.

Here's where I am at:

  • I have user/tenant/roles in keystone
  • I can 'getToken', can query using token and perform actions against keystone through Java via KS API no problem
  • I have the CA and Signing certificates (/certifcate/signing, /certificate/ca) as a String in a variable

I've read that it is CMS encoded and signed with the certs, and i've been trying to use BouncyCastle libraries with no luck

Does anyone have examples on how I can decode the Token to get the original message, preferably in Java?

Any input would be much appreciated!