[
https://issues.apache.org/jira/browse/KNOX-3347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18093662#comment-18093662
]
ASF subversion and git services commented on KNOX-3347:
-------------------------------------------------------
Commit 542fb11789555484f4ae6d14be1ef890d41a0227 in knox's branch
refs/heads/knox_idf from Larry McCay
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=542fb1178 ]
KNOX-3347 - Introduce TokenExchangePrincipal for extending Act claim … (#1262)
* KNOX-3347 - Introduce TokenExchangePrincipal for extending Act claim for
token_exchange
(cherry picked from commit 5d410895d452a6fe8b270a59ffce8d3a48237160)
> Introduce TokenExchangePrincipal for extending Act claim for token_exchange
> ---------------------------------------------------------------------------
>
> Key: KNOX-3347
> URL: https://issues.apache.org/jira/browse/KNOX-3347
> Project: Apache Knox
> Issue Type: Improvement
> Components: JWT
> Reporter: Larry McCay
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Currently, the ActorChainPrincipal includes whatever act chain was in the
> Subject token from the token_exchange. The presence of the
> ImpersonatedPrincipal is currently only added by the identity assertion
> provider based on a doAs and proxyuser based impersonation. This is required
> for the new actor to be added to the nested 'act' claim.
> Let's add not the use of the TokenExchangePrincipal to the identity assertion
> logic that sets the ImpersonatedPrincipal in addition to the doAs pattern.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)