[ https://issues.apache.org/jira/browse/KNOX-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16220508#comment-16220508 ]

ASF subversion and git services commented on KNOX-1067:
-------------------------------------------------------

Commit 9c7aa7e1c7471f71c783681b68beea8e6f3fc2dc in knox's branch 
refs/heads/KNOX-1049 from [~coheigea]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=9c7aa7e ]

KNOX-1067 - Support different signature algorithms for JWTs


> Support different signature algorithms for JWTs
> -----------------------------------------------
>
>                 Key: KNOX-1067
>                 URL: https://issues.apache.org/jira/browse/KNOX-1067
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 0.14.0
>
>         Attachments: 0001-KNOX-1067-Support-different-signature-algorithms-for.patch
>
>
> Right now, the Knox SSO and Token services can only issue tokens signed with 
> RS256. This task is to support a wider range of signature algorithms. 
> The following changes are proposed:
> a) The Knox Token Service has a new configuration parameter 
> "knox.token.sigalg" which defaults to "RS256".
> b) The Knox SSO Service has a new configuration parameter 
> "knoxsso.token.sigalg" which defaults to "RS256".
> c) The DefaultTokenAuthorityService checks the signing algorithm against a 
> pre-defined list, which is all of the RSA algorithms (RS* and PS*) from the 
> JWA spec. 
> d) The JWTFederationFilter + the SSOCookieFederationFilter have a new 
> configuration parameter "jwt.expected.sigalg" which defaults to "RS256". The 
> received token must be signed with the algorithm that is configured for this 
> value.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
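
The algorithm checks from items (c) and (d) of the issue description, as an added Python example. It is not Knox code (Knox is Java) and not part of the commit; it covers only the header check that runs before signature verification, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Item (c): RSA-based signature algorithms (RS* and PS*) from the JWA spec.
SUPPORTED_SIG_ALGS = frozenset(
    {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"})
DEFAULT_SIG_ALG = "RS256"  # default named for all three parameters


def resolve_sig_alg(configured=None):
    """Issuer side (a-c): use the configured value or the default, and
    refuse anything outside the pre-defined list."""
    alg = configured or DEFAULT_SIG_ALG
    if alg not in SUPPORTED_SIG_ALGS:
        raise ValueError("unsupported signature algorithm: %r" % alg)
    return alg


def header_alg(token):
    """Return the 'alg' header of a compact JWS, or None if unreadable."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        raw = parts[0] + "=" * (-len(parts[0]) % 4)  # restore padding
        header = json.loads(base64.urlsafe_b64decode(raw.encode("ascii")))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    alg = header.get("alg") if isinstance(header, dict) else None
    return alg if isinstance(alg, str) else None


def accepts(token, expected=DEFAULT_SIG_ALG):
    """Receiver side (d): the token's algorithm must equal the configured
    one. Run this before signature verification, never instead of it."""
    alg = header_alg(token)
    return alg is not None and alg == expected


def sample_token(alg):
    """Constructed sample: chosen header, dummy payload and signature."""
    def enc(obj):
        data = json.dumps(obj).encode("utf-8")
        return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc({"sub": "guest"}), "c2ln"])


if __name__ == "__main__":
    for alg in ("RS256", "PS256", "HS256", "none"):
        print(alg, accepts(sample_token(alg)))
```

Pinning the receiver to one expected algorithm means a token whose header names `none` or an HMAC algorithm is refused before any key is touched.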
