Larry McCay created KNOX-3347:
---------------------------------
Summary: Introduce TokenExchangePrincipal for extending Act claim
for token_exchange
Key: KNOX-3347
URL: https://issues.apache.org/jira/browse/KNOX-3347
Project: Apache Knox
Issue Type: Improvement
Components: JWT
Reporter: Larry McCay
Fix For: 3.0.0
Currently, the ActorChainPrincipal includes whatever act chain was in the
Subject token from the token_exchange. The presence of the
ImpersonatedPrincipal is currently only added by the identity assertion
provider based on a doAs and proxyuser based impersonation. This is required
for the new actor to be added to the nested 'act' claim.
Let's add not the use of the TokenExchangePrincipal to the identity assertion
logic that sets the ImpersonatedPrincipal in addition to the doAs pattern.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
