Hi Pubudu,
In a fully distributed set up we can decide in which component (Key Manager
or Gateway) we need to keep key validation information cache.
Therefore having JWT enabled in Key Manager node only is enough IMO.
To check the values passing to the backend we can use debug logs.
Thanks,
Chamalee
On Mon, Nov 20, 2017 at 8:16 AM, Pubudu Gunatilaka <pubu...@wso2.com> wrote:
> Hi,
>
> Do we need to enable JWT in gateway node [1] in a fully distributed
> deployment where KM/IS is hosted separately?
>
> I can see the JWT is passed to the backend.
>
> *TID: [-1] [] [2017-11-20 10:37:31,347] DEBUG
>> {org.apache.synapse.transport.http.headers} - http-outgoing-1 >>
>> X-JWT-Assertion: *eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz
>> I1NiIsIng1dCI6ImFfamhOdXMyMUtWdW9GeDY1TG1rVzJPX2wxMCJ9.
>> eyJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC9yb2xlIjpbIkludGVybmFs
>> XC9zdWJzY3JpYmVyIiwiSW50ZXJuYWxcL2NyZWF0b3IiLCJBcHBsaWNhdGlv
>> blwvYWRtaW5fRGVmYXVsdEFwcGxpY2F0aW9uX1BST0RVQ1RJT04iLCJJbnRl
>> cm5hbFwvcHVibGlzaGVyIiwiSW50ZXJuYWxcL2V2ZXJ5b25lIiwiYWRtaW4i
>> XSwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb250aWVy
>> IjoiVW5saW1pdGVkIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wva2V5
>> dHlwZSI6IlBST0RVQ1RJT04iLCJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1z
>> XC92ZXJzaW9uIjoidjEiLCJpc3MiOiJ3c28yLm9yZ1wvcHJvZHVjdHNcL2Ft
>> IiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb25uYW1l
>> IjoiRGVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2Ns
>> YWltc1wvZW5kdXNlciI6ImFkbWluQGNhcmJvbi5zdXBlciIsImh0dHA6XC9c
>> L3dzbzIub3JnXC9jbGFpbXNcL2VuZHVzZXJUZW5hbnRJZCI6Ii0xMjM0Iiwi
>> aHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvc3Vic2NyaWJlciI6ImFkbWlu
>> IiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdGllciI6IlVubGltaXRl
>> ZCIsImh0dHA6XC9cL3dzbzIub3JnXC9jbGFpbXNcL2FwcGxpY2F0aW9uaWQi
>> OiIxIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdXNlcnR5cGUiOiJB
>> UFBMSUNBVElPTiIsImV4cCI6MTUxMTE0NTQ0OSwiaHR0cDpcL1wvd3NvMi5v
>> cmdcL2NsYWltc1wvYXBpY29udGV4dCI6IlwvZmRzYVwvdjEifQ==.
>> ADG30dcwlxBaN7Wxtixc5Wq/gZRj7nZrGHExn0E+7O4pZ6xTSjeVx7UrWSwj31vm7DjL+
>> CvK07popxJqchT8+ACt303BkRxOKgfW66h/XmOxleUlXohQByUe6/
>> 7FTpnFRfyZ7jzttjZct39sBzHcNcyUAEqcl/HEt+eR62/dksM=
>> {org.apache.synapse.transport.http.headers}
>> *TID: [-1] [] [2017-11-20 10:37:31,348] DEBUG
>> {org.apache.synapse.transport.http.wire} - HTTP-Sender I/O dispatcher-1 <<
>> "X-JWT-Assertion: *eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz
>> I1NiIsIng1dCI6ImFfamhOdXMyMUtWdW9GeDY1TG1rVzJPX2wxMCJ9.
>> eyJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC9yb2xlIjpbIkludGVybmFs
>> XC9zdWJzY3JpYmVyIiwiSW50ZXJuYWxcL2NyZWF0b3IiLCJBcHBsaWNhdGlv
>> blwvYWRtaW5fRGVmYXVsdEFwcGxpY2F0aW9uX1BST0RVQ1RJT04iLCJJbnRl
>> cm5hbFwvcHVibGlzaGVyIiwiSW50ZXJuYWxcL2V2ZXJ5b25lIiwiYWRtaW4i
>> XSwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb250aWVy
>> IjoiVW5saW1pdGVkIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wva2V5
>> dHlwZSI6IlBST0RVQ1RJT04iLCJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1z
>> XC92ZXJzaW9uIjoidjEiLCJpc3MiOiJ3c28yLm9yZ1wvcHJvZHVjdHNcL2Ft
>> IiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb25uYW1l
>> IjoiRGVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2Ns
>> YWltc1wvZW5kdXNlciI6ImFkbWluQGNhcmJvbi5zdXBlciIsImh0dHA6XC9c
>> L3dzbzIub3JnXC9jbGFpbXNcL2VuZHVzZXJUZW5hbnRJZCI6Ii0xMjM0Iiwi
>> aHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvc3Vic2NyaWJlciI6ImFkbWlu
>> IiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdGllciI6IlVubGltaXRl
>> ZCIsImh0dHA6XC9cL3dzbzIub3JnXC9jbGFpbXNcL2FwcGxpY2F0aW9uaWQi
>> OiIxIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdXNlcnR5cGUiOiJB
>> UFBMSUNBVElPTiIsImV4cCI6MTUxMTE0NTQ0OSwiaHR0cDpcL1wvd3NvMi5v
>> cmdcL2NsYWltc1wvYXBpY29udGV4dCI6IlwvZmRzYVwvdjEifQ==.
>> ADG30dcwlxBaN7Wxtixc5Wq/gZRj7nZrGHExn0E+7O4pZ6xTSjeVx7UrWSwj31vm7DjL+
>> CvK07popxJqchT8+ACt303BkRxOKgfW66h/XmOxleUlXohQByUe6/
>> 7FTpnFRfyZ7jzttjZct39sBzHcNcyUAEqcl/HEt+eR62/dksM=[\r][\n]"
>> {org.apache.synapse.transport.http.wire}
>
>
>
> What is the need to enable JWT in gateway node?
>
> [1] - https://docs.wso2.com/display/AM210/Distributed+
> Deployment+of+API+Manager#DistributedDeploymentofAPIManager-Step3.5-
> ConfiguretheGateway
>
> Thank you!
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Senior Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049 <%2B94772207163>
>
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Thanks & Regards,
*Chamalee De Silva*
Software Engineer
*WS**O2* Inc. :http://wso2.com/
Office :- *+94 11 2145345 <%2B94%2011%202145345>*
mobile :- *+94 7 <%2B94%2077%202782039>1 4315942*
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
