Hi Pubudu,
Did you able to check this locally and confirm? Don't we have to enable
*EnableJWTGeneration* property to append the JWT header?
Thanks and Regards
On Mon, Nov 20, 2017 at 9:52 AM, Pubudu Gunatilaka <pubu...@wso2.com> wrote:
> Hi Rukshan,
>
> My concern is why we need to enable JWT in gateway? The jwt is getting
> generated in KM/IS and gateway only passes the JWT to the backend. I do not
> see a valid reason to enable JWT in gateway node if there isn't any usage.
>
> Thank you!
>
> On Mon, Nov 20, 2017 at 12:09 PM, Rukshan Premathunga <ruks...@wso2.com>
> wrote:
>
>> Hi pubudu,
>>
>> This depends on the backend right? if it need such a authorization,
>> cluster or Single AM setup we need to generate the JWT and pass to the
>> backend. So it is upto the backend implementation i think.
>>
>> Thanks and Regards
>>
>> On Mon, Nov 20, 2017 at 8:16 AM, Pubudu Gunatilaka <pubu...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Do we need to enable JWT in gateway node [1] in a fully distributed
>>> deployment where KM/IS is hosted separately?
>>>
>>> I can see the JWT is passed to the backend.
>>>
>>> *TID: [-1] [] [2017-11-20 10:37:31,347] DEBUG
>>>> {org.apache.synapse.transport.http.headers} - http-outgoing-1 >>
>>>> X-JWT-Assertion: *eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz
>>>> I1NiIsIng1dCI6ImFfamhOdXMyMUtWdW9GeDY1TG1rVzJPX2wxMCJ9.eyJod
>>>> HRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC9yb2xlIjpbIkludGVybmFsXC9zd
>>>> WJzY3JpYmVyIiwiSW50ZXJuYWxcL2NyZWF0b3IiLCJBcHBsaWNhdGlvblwvY
>>>> WRtaW5fRGVmYXVsdEFwcGxpY2F0aW9uX1BST0RVQ1RJT04iLCJJbnRlcm5hb
>>>> FwvcHVibGlzaGVyIiwiSW50ZXJuYWxcL2V2ZXJ5b25lIiwiYWRtaW4iXSwia
>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb250aWVyIjoiV
>>>> W5saW1pdGVkIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wva2V5dHlwZ
>>>> SI6IlBST0RVQ1RJT04iLCJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC92Z
>>>> XJzaW9uIjoidjEiLCJpc3MiOiJ3c28yLm9yZ1wvcHJvZHVjdHNcL2FtIiwia
>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb25uYW1lIjoiR
>>>> GVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc
>>>> 1wvZW5kdXNlciI6ImFkbWluQGNhcmJvbi5zdXBlciIsImh0dHA6XC9cL3dzb
>>>> zIub3JnXC9jbGFpbXNcL2VuZHVzZXJUZW5hbnRJZCI6Ii0xMjM0IiwiaHR0c
>>>> DpcL1wvd3NvMi5vcmdcL2NsYWltc1wvc3Vic2NyaWJlciI6ImFkbWluIiwia
>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdGllciI6IlVubGltaXRlZCIsI
>>>> mh0dHA6XC9cL3dzbzIub3JnXC9jbGFpbXNcL2FwcGxpY2F0aW9uaWQiOiIxI
>>>> iwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdXNlcnR5cGUiOiJBUFBMS
>>>> UNBVElPTiIsImV4cCI6MTUxMTE0NTQ0OSwiaHR0cDpcL1wvd3NvMi5vcmdcL
>>>> 2NsYWltc1wvYXBpY29udGV4dCI6IlwvZmRzYVwvdjEifQ==.ADG30dcwlxBa
>>>> N7Wxtixc5Wq/gZRj7nZrGHExn0E+7O4pZ6xTSjeVx7UrWSwj31vm7DjL+CvK
>>>> 07popxJqchT8+ACt303BkRxOKgfW66h/XmOxleUlXohQByUe6/7FTpnFRfyZ
>>>> 7jzttjZct39sBzHcNcyUAEqcl/HEt+eR62/dksM= {org.apache.synapse.transport.
>>>> http.headers}
>>>> *TID: [-1] [] [2017-11-20 10:37:31,348] DEBUG
>>>> {org.apache.synapse.transport.http.wire} - HTTP-Sender I/O dispatcher-1 <<
>>>> "X-JWT-Assertion: *eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz
>>>> I1NiIsIng1dCI6ImFfamhOdXMyMUtWdW9GeDY1TG1rVzJPX2wxMCJ9.eyJod
>>>> HRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC9yb2xlIjpbIkludGVybmFsXC9zd
>>>> WJzY3JpYmVyIiwiSW50ZXJuYWxcL2NyZWF0b3IiLCJBcHBsaWNhdGlvblwvY
>>>> WRtaW5fRGVmYXVsdEFwcGxpY2F0aW9uX1BST0RVQ1RJT04iLCJJbnRlcm5hb
>>>> FwvcHVibGlzaGVyIiwiSW50ZXJuYWxcL2V2ZXJ5b25lIiwiYWRtaW4iXSwia
>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb250aWVyIjoiV
>>>> W5saW1pdGVkIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wva2V5dHlwZ
>>>> SI6IlBST0RVQ1RJT04iLCJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC92Z
>>>> XJzaW9uIjoidjEiLCJpc3MiOiJ3c28yLm9yZ1wvcHJvZHVjdHNcL2FtIiwia
>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb25uYW1lIjoiR
>>>> GVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc
>>>> 1wvZW5kdXNlciI6ImFkbWluQGNhcmJvbi5zdXBlciIsImh0dHA6XC9cL3dzb
>>>> zIub3JnXC9jbGFpbXNcL2VuZHVzZXJUZW5hbnRJZCI6Ii0xMjM0IiwiaHR0c
>>>> DpcL1wvd3NvMi5vcmdcL2NsYWltc1wvc3Vic2NyaWJlciI6ImFkbWluIiwia
>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdGllciI6IlVubGltaXRlZCIsI
>>>> mh0dHA6XC9cL3dzbzIub3JnXC9jbGFpbXNcL2FwcGxpY2F0aW9uaWQiOiIxI
>>>> iwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdXNlcnR5cGUiOiJBUFBMS
>>>> UNBVElPTiIsImV4cCI6MTUxMTE0NTQ0OSwiaHR0cDpcL1wvd3NvMi5vcmdcL
>>>> 2NsYWltc1wvYXBpY29udGV4dCI6IlwvZmRzYVwvdjEifQ==.ADG30dcwlxBa
>>>> N7Wxtixc5Wq/gZRj7nZrGHExn0E+7O4pZ6xTSjeVx7UrWSwj31vm7DjL+CvK
>>>> 07popxJqchT8+ACt303BkRxOKgfW66h/XmOxleUlXohQByUe6/7FTpnFRfyZ
>>>> 7jzttjZct39sBzHcNcyUAEqcl/HEt+eR62/dksM=[\r][\n]"
>>>> {org.apache.synapse.transport.http.wire}
>>>
>>>
>>>
>>> What is the need to enable JWT in gateway node?
>>>
>>> [1] - https://docs.wso2.com/display/AM210/Distributed+Deployment
>>> +of+API+Manager#DistributedDeploymentofAPIManager-Step3.5-Co
>>> nfiguretheGateway
>>>
>>> Thank you!
>>> --
>>> *Pubudu Gunatilaka*
>>> Committer and PMC Member - Apache Stratos
>>> Senior Software Engineer
>>> WSO2, Inc.: http://wso2.com
>>> mobile : +94774078049 <%2B94772207163>
>>>
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Rukshan Chathuranga.
>> Software Engineer.
>> WSO2, Inc.
>> +94711822074 <+94%2071%20182%202074>
>>
>
>
>
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Senior Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049 <%2B94772207163>
>
>
--
Rukshan Chathuranga.
Software Engineer.
WSO2, Inc.
+94711822074
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
