[KNOX-873] JWTFederationFilter must Validate Expected Audiences - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.12.0
Component/s: Server
Labels:
- kip-4

Description

When a KnoxToken service configuration includes a particular audience or list of audiences it is intended for use with endpoints that are protected by a provider that will validate that it/they are contained in the audience claims of the token.

This is done so that tokens issued by a KnoxToken service in a particular topology can be used only with specifically configured topologies. This can be used to constrain the number of services that clients have access to.

JWTFederationFilter currently does not validate the presence of the expected audience claims.

Must try and leverage existing code for the same capabilities from within the SSOCookieProvider.

Attachments

Activity

People

Assignee:: Larry McCay

Reporter:: Larry McCay

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Feb/17 01:43

Updated:: 28/Mar/19 14:17

Resolved:: 08/Feb/17 03:20