[ https://issues.apache.org/jira/browse/KNOX-2146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17008515#comment-17008515 ]
Larry McCay commented on KNOX-2146:
-----------------------------------

[~FortKnox] - can you attach your topology with the configured PEM encoded public key?

Did you happen to remove the header and footer of it -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----?
We do assume that those are excluded and would likely result in such an error if they are included.

> Docs: Knox JWT token signature verification using public key
> ------------------------------------------------------------
>
>                 Key: KNOX-2146
>                 URL: https://issues.apache.org/jira/browse/KNOX-2146
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Site
>    Affects Versions: 1.0.0
>         Environment: Ubuntu 18.04, HDP 3.1
>            Reporter: Matei C.
>            Assignee: Larry McCay
>            Priority: Minor
>             Fix For: 1.4.0
>
>
> Hello,
> I have configured an Apache Knox (1.0.0) topology to accept 3rd party JWTs by following this [Cloudera guide|[https://community.cloudera.com/t5/Community-Articles/Knox-Accept-third-party-JWT/ta-p/248488]].
>
> I would also like to verify the 3rd party JWTs based on their signature by adding my IdP's public key in PEM format for the JWT provider, but in the guide it is specified that only PEM certificates are accepted (' [...] *In current Knox version, public key is not supported, have to configure public certificate [...]*') and I have not found any relevant documentation from Knox on this subject.
>
> Can you please tell me if there is any solution to use public keys for JWT verification in Knox 1.0.0? If not, are there any plans to support this in future Knox releases?
> P.S.:
> When adding the 'knox.token.verification.pem' parameter with the public key in the JWT provider of my topology I noticed the below error in my gateway.log, which does seem to confirm the public key limitation.
>
> {code:java}
> javax.servlet.ServletException: javax.servlet.ServletException: CertificateException - PEM may be corrupt
> {code}
>
> Regards,
>

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
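
A pre-flight check for the value placed in `knox.token.verification.pem`, added here as an example (it is not Knox code and not from the thread): it reports whether the BEGIN/END armor is still present and whether the DER inside is shaped like an X.509 certificate or like a bare public key, the two conditions discussed above. The function names and sample bytes are constructed for illustration, and the classification is a structural heuristic, not full X.509 validation.

```python
import base64
import re

ARMOR = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

def tlv(buf, pos):
    """Read one DER tag/length header; return (tag, content_start, content_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def check_pem_value(value):
    """Return (kind, armored, one_line_body) for a candidate parameter value."""
    armored = bool(ARMOR.search(value))
    body = "".join(ARMOR.sub("", value).split())   # drop armor lines and whitespace
    try:
        der = base64.b64decode(body, validate=True)
        outer_tag, start, _ = tlv(der, 0)          # outer SEQUENCE
        inner_tag, inner_start, _ = tlv(der, start)
        first = der[inner_start]
    except (ValueError, IndexError):
        return "invalid", armored, body
    if outer_tag != 0x30 or inner_tag != 0x30:
        return "invalid", armored, body
    # tbsCertificate begins with [0] version (0xA0) or INTEGER serial (0x02);
    # SubjectPublicKeyInfo begins with the algorithm OID (0x06).
    kind = {0xA0: "certificate", 0x02: "certificate", 0x06: "public-key"}
    return kind.get(first, "invalid"), armored, body

def seq(content):
    return bytes([0x30, len(content)]) + content

# Constructed DER skeletons (no real key material), just enough structure to classify.
CERT_LIKE = seq(seq(bytes.fromhex("a003020102" "020101")))
SPKI_LIKE = seq(seq(bytes.fromhex("06092a864886f70d010101" "0500")) + bytes.fromhex("03020000"))

def armor(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

if __name__ == "__main__":
    for label, der in (("CERTIFICATE", CERT_LIKE), ("PUBLIC KEY", SPKI_LIKE)):
        print(check_pem_value(armor(label, der)))
```

The third element of the result is the armor-free, single-line body, which is the form the comment above says Knox assumes for this parameter.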