OpenID Connect behavior

Document ID : KB000121501
Last Modified Date : 29/11/2018
Show Technical Document Details
We'd like to know if the following token issued by CA Single Sign-On
is a JWT Signed Token.

The first part of the decripted token doesn't have the "typ" header 
and as such we'd like you to confirm that this token is a JWT. 

kid: "65804645-989e-4833-8dd7-f17c7782ea00", 
alg: "RS256" 

sub: "CN=myname,OU=myuser,O=myorganization", 
aud: "c11d5f88-3bba-4a66-8faf-58d6bbb8547z", 
mail: "", 
auth_time: 1540223760, 
iss: "https:\/\/", 
exp: 1540227660, 
permisos: "Rol2^Rol1", 
iat: 1540223760, 
nonce: "5zugzYdnoOoIKAxbxwqHmVoxFvtlLoeo8i8Hluvzsiie", 
nombre: "Name of myname" 
At first glance, the "typ" header is optional. 

JSON Web Token (JWT) 

"Use of this Header Parameter is OPTIONAL." 

The section : 

kid: "65804645-989e-4833-8dd7-f17c7782ea00", 
alg: "RS256" 

is the jws header parameters given by CA Single Sign-On. 

CA SSO 12.8 is an Certified OpenID Connect 
implementation. Please refer below link for information. 

So CA SSO 12.8 is an Certified OpenID Connect implementation, as 
OpenID Connect 1.0 RFC already set that the ID Token confirm the JWT 
Signed and Encrypted contents in the Token.