[ https://issues.apache.org/jira/browse/KNOX-2146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandeep More reassigned KNOX-2146:
----------------------------------

    Assignee: Sandeep More  (was: Larry McCay)

> Docs: Knox JWT token signature verification using public key
> ------------------------------------------------------------
>
>                 Key: KNOX-2146
>                 URL: https://issues.apache.org/jira/browse/KNOX-2146
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Site
>    Affects Versions: 1.0.0
>         Environment: Ubuntu 18.04, HDP 3.1
>            Reporter: Matei C.
>            Assignee: Sandeep More
>            Priority: Minor
>             Fix For: 1.4.0
>
>         Attachments: knox_jwt_topo_apache_jira.txt, knox_jwt_topo_apache_jira.txt, knox_jwt_topo_apache_jira.txt
>
>
> Hello,
>
> I have configured an Apache Knox (1.0.0) topology to accept 3rd party JWTs by following this [Cloudera guide|[https://community.cloudera.com/t5/Community-Articles/Knox-Accept-third-party-JWT/ta-p/248488]].
>
> I would also like to verify the 3rd party JWTs based on their signature by adding my IdP's public key in PEM format for the JWT provider, but in the guide it is specified that only PEM certificates are accepted (' [...] *In current Knox version, public key is not supported, have to configure public certificate [...]*') and I have not found any relevant documentation from Knox on this subject.
>
> Can you please tell me if there is any solution to use public keys for JWT verification in Knox 1.0.0? If not, are there any plans to support this in future Knox releases?
>
> P.S.:
> When adding the 'knox.token.verification.pem' parameter with the public key in the JWT provider of my topology I noticed the below error in my gateway.log, which does seem to confirm the public key limitation.
>
> {code:java}
> javax.servlet.ServletException: javax.servlet.ServletException: CertificateException - PEM may be corrupt
> {code}
>
> Regards,
>
>

--
This message was sent by Atlassian Jira (v8.3.4#803005)