[
https://issues.apache.org/jira/browse/KNOX-12?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13621150#comment-13621150
]
Larry McCay commented on KNOX-12:
---------------------------------
consider using jwk or jku in order to get the public key that corresponds to
the key used for the signature. See:
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08.
> Configure aliases for JWT signature verification
> ------------------------------------------------
>
> Key: KNOX-12
> URL: https://issues.apache.org/jira/browse/KNOX-12
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.2.0
> Reporter: Larry McCay
> Labels: JWT, Security, Signature
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Currently the signature verification assumes that the cert used is the one
> that represents the gateway-identity.
> We need to be able to configure the alias of the cert for verification based
> on the issuer of the JWT.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
