Hi all, It occurred to me that we can easily support SSO using third party JWT tokens. Instead of (or as well as) having a single "jwsSignatureVerifier" in securityContext.xml, we could have a map of issuer -> jwsSignatureVerifier Objects.
We could get the verifier to use to verify the signature by querying the map using the issuer of the token. If this succeeds, and if the subject is a known user, we could allow the call to proceed. Alternatively, we could have a separate service which translates third party JWT tokens into local SSO tokens. WDYT? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
