[jira] [Work logged] (KNOX-3266) Allow SSO cookie verification using JWKS endpoints

Mon, 02 Mar 2026 12:27:17 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-3266?focusedWorklogId=1007540&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1007540
 ]

ASF GitHub Bot logged work on KNOX-3266:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 02/Mar/26 20:26
            Start Date: 02/Mar/26 20:26
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on code in PR #1168:
URL: https://github.com/apache/knox/pull/1168#discussion_r2874515013


##########
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenAuthorityServiceMessages.java:
##########
@@ -20,14 +20,15 @@
 import org.apache.knox.gateway.i18n.messages.Message;
 import org.apache.knox.gateway.i18n.messages.MessageLevel;
 import org.apache.knox.gateway.i18n.messages.Messages;
+import org.apache.knox.gateway.i18n.messages.StackTrace;
 
 @Messages(logger = "org.apache.knox.gateway.services.token.state")
 public interface TokenAuthorityServiceMessages {
   @Message(level = MessageLevel.ERROR, text = "There was an error getting kid, 
cause: {0}")
   void errorGettingKid(String message);
 
   @Message(level = MessageLevel.ERROR, text = "Failed to verify token using 
JWKS endpoint {0}, reason: {1}")
-  void jwksVerificationFailed(String jwksUrl, String reason);
+  void jwksVerificationFailed(String jwksUrl, String reason, @StackTrace( 
level = MessageLevel.ERROR) Exception e);

Review Comment:
   But this isn't a `printStackTrace`. It's a control over when to `log` the 
stack (above certain log level, see details in 
`org.apache.knox.gateway.i18n.messages.MessagesInvoker#findLoggableThrowable`).
   
   I did a small test (changed the above JWKS URL to an invalid one). In 
gateway.log, I can see it (that's why I added to be honest). However, neither 
in gateway.out nor in gateway.err I saw anything...
   





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1007540)
    Time Spent: 1h  (was: 50m)

> Allow SSO cookie verification using JWKS endpoints
> --------------------------------------------------
>
>                 Key: KNOX-3266
>                 URL: https://issues.apache.org/jira/browse/KNOX-3266
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO, Server
>    Affects Versions: 2.1.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 3.0.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> As of today, the JWTFederation filter can be configured to verify JWT tokens 
> using pre-configured JWKS endpoint(s). This feature, however, is not 
> available in the SSOCookieProvider filter, which we need to add.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to