  1. Apache Knox
  2. KNOX-873

JWTFederationFilter must Validate Expected Audiences

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.12.0
    • Component/s: Server
    • Labels:

      Description

      When a KnoxToken service configuration includes a particular audience or list of audiences, it is intended for use with endpoints that are protected by a provider that will validate that it/they are contained in the audience claims of the token.

      This is done so that tokens issued by a KnoxToken service in a particular topology can be used only with specifically configured topologies. This can be used to constrain the number of services that clients have access to.

      JWTFederationFilter currently does not validate the presence of the expected audience claims.

      Must try and leverage existing code for the same capabilities from within the SSOCookieProvider.

            People

            • Assignee:
              lmccay Larry McCay
              Reporter:
              lmccay Larry McCay
            • Votes:
              0
              Watchers:
              2

              Dates

              • Created:
                Updated:
                Resolved:
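
The audience check this issue asks for, as an added Java example (Knox is a Java project); it is not Knox's code. The class and method names, the sample audiences, the rule that one matching audience is enough, and the choice to accept any token when no audiences are configured are all assumptions, and signature and expiry checks are assumed to have passed already.

```java
import java.util.*;

/** Added illustration; all names here are hypothetical, not Knox's API. */
public class AudienceCheck {

    /** Parses a comma-separated audience setting; null or blank means none configured. */
    static List<String> parseExpected(String configured) {
        List<String> out = new ArrayList<>();
        if (configured == null) return out;
        for (String a : configured.split(",")) {
            if (!a.trim().isEmpty()) out.add(a.trim());
        }
        return out;
    }

    /** Normalises the "aud" claim, which RFC 7519 allows as one string or an array. */
    static List<String> claimAudiences(Object aud) {
        List<String> out = new ArrayList<>();
        if (aud instanceof String) {
            out.add((String) aud);
        } else if (aud instanceof Collection) {
            for (Object o : (Collection<?>) aud) {
                if (o instanceof String) out.add((String) o);
            }
        }
        return out;
    }

    /** Assumption: any one expected audience in the token is sufficient. */
    static boolean validate(Object audClaim, String configured) {
        List<String> expected = parseExpected(configured);
        if (expected.isEmpty()) return true;        // assumption: no restriction configured
        for (String a : claimAudiences(audClaim)) {
            if (expected.contains(a)) return true;  // exact, case-sensitive match
        }
        return false;                               // also rejects a token with no aud claim
    }

    public static void main(String[] args) {
        String cfg = "topology-a, topology-b";      // constructed sample configuration
        System.out.println(validate("topology-a", cfg));                          // string aud
        System.out.println(validate(Arrays.asList("other", "topology-b"), cfg));  // array aud
        System.out.println(validate("topology-c", cfg));   // audience not in the list
        System.out.println(validate(null, cfg));           // token without aud
        System.out.println(validate("anything", null));    // nothing configured
    }
}
```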