Bug ID 1365497: JWT 'kid' is not matching any valid JWKs 'kid'

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP ASM (all modules)

Fixed In:
17.5.0

Opened: Sep 29, 2023

Severity: 3-Major

Symptoms

A request with a JWT whose header holds a 'kid' that appears identical to the 'kid' of one of the JWKs attached to the access profile may cause a malformed violation: "JWT 'kid' is not matching any valid JWK 'kid'"

Impact

A request with a valid JWT may be blocked.

Conditions

A JWKs file with an unsupported x5c format is imported.

Workaround

Import a valid JWKs file.
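
A pre-import check for the condition above, as an added example that is not F5 code. The page does not say which x5c formats BIG-IP treats as unsupported, so this assumes the RFC 7517 section 4.7 definition (x5c is an array of standard-base64 DER certificates); the function names and sample data are constructed for illustration.

```python
import base64
import binascii
import json

def check_x5c_entry(value):
    """Return a problem string for one x5c entry, or None if it conforms."""
    if not isinstance(value, str) or not value:
        return "not a non-empty string"
    if "-----BEGIN" in value:
        return "PEM armor present, expected bare base64 DER"
    if "-" in value or "_" in value:
        return "base64url alphabet, x5c uses standard base64"
    try:
        der = base64.b64decode(value, validate=True)  # also rejects whitespace
    except binascii.Error:
        return "not valid padded base64"
    if not der or der[0] != 0x30:  # a DER certificate is an ASN.1 SEQUENCE
        return "decoded bytes do not start with DER SEQUENCE tag 0x30"
    return None

def check_jwks(text):
    """Return (kid, problem) pairs for every key that fails the checks."""
    findings = []
    for i, key in enumerate(json.loads(text).get("keys", [])):
        kid = key.get("kid", f"<key {i}>")
        if "kid" not in key:  # flagged because the JWT 'kid' is matched against it
            findings.append((kid, "no 'kid' member"))
        x5c = key.get("x5c")
        if x5c is None:
            continue  # x5c is optional in a JWK
        if not isinstance(x5c, list) or not x5c:
            findings.append((kid, "x5c is not a non-empty array"))
            continue
        for n, entry in enumerate(x5c):
            problem = check_x5c_entry(entry)
            if problem:
                findings.append((kid, f"x5c[{n}]: {problem}"))
    return findings

# Constructed sample: SAMPLE_DER is only a DER SEQUENCE header, not a real certificate.
SAMPLE_DER = base64.b64encode(b"\x30\x82\x01\x0a" + bytes(8)).decode()
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "good", "x5c": [SAMPLE_DER]},
    {"kty": "RSA", "kid": "pem", "x5c": ["-----BEGIN CERTIFICATE-----\n" + SAMPLE_DER]},
    {"kty": "RSA", "kid": "url", "x5c": [SAMPLE_DER[:-1] + "_"]},
]})

if __name__ == "__main__":
    print(*check_jwks(SAMPLE_JWKS), sep="\n")
```

An empty result means the file matches the RFC shape only; it does not confirm that a given BIG-IP version accepts it.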

Fix Information

A request with a valid JWT will not cause a malformed violation.

Behavior Change
