[KNOX-2211] AliasBasedTokenStateService should store token state in topology-specific credential stores - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Not A Problem
Affects Version/s: 1.4.0
Fix Version/s: None
Component/s: Server
Labels:
None

Description

Currently, the AliasBasedTokenStateService persists all token state in the gateway's central credential store rather than a topology-specific credential store. This was done because the providers that also employ the TokenStateService do not know from which topology a token was produced, and therefore have not enough information to correctly specify a topology credential store.

It may be possible to include this missing topology information in the tokens themselves, such that the providers (or the TokenStateService) would be able to correctly specify the topology credential store.