Hi Harsha, I just checked the JWTHeader scenario. If you want to change the JWT header, then you need to change that in gateway node [1]. You only need to change this property in the gateway and even you don't need to enable jwt in the gateway.
[1] - https://github.com/wso2/carbon-apimgt/blob/v6.1.66/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/oauth/OAuthAuthenticator.java#L310 Thank you! On Mon, Nov 20, 2017 at 1:26 PM, Harsha Kumara <[email protected]> wrote: > > > On Mon, Nov 20, 2017 at 10:43 AM, Pubudu Gunatilaka <[email protected]> > wrote: > >> Hi, >> >> I checked this locally using a separate gateway node and another node for >> other profiles. I did not enable JWT and I could see the jwt header when I >> enabled the debug logs. >> >> APIKeyMgtDataHolder is the only reference I could find as well. If there >> isn't any use case in the gateway, we can remove configuring jwt in gateway >> [1]. >> >> [1] - https://docs.wso2.com/display/AM210/Distributed+Deployment >> +of+API+Manager#DistributedDeploymentofAPIManager-Step3.5-Co >> nfiguretheGateway >> > In previous versions, there was a issue that we include this property in > the gateway configurations. I can't recall the exact reason. Lakmali should > know the exact reason. Also check the sysnapse API config and see whether > there are any properties getting added when we deploy the API in the > gateway. This might have fixed in latest versions. But needs to verify and > update the document accordingly. If someone wants to change the Assertion > header name, do they need to change it in KM or Gateway? Please check that > as well. There is a property called JWTHeader in api-manager.xml. > >> >> Thank you! >> >> On Mon, Nov 20, 2017 at 1:07 PM, Sam Sivayogam <[email protected]> wrote: >> >>> It seems like we are reading this config only in APIKeyMgt service [1] >>> hence I think we don't need this configuration in Gateway node >>> >>> [1] https://github.com/wso2/carbon-apimgt/blob/v6.1.66/component >>> s/apimgt/org.wso2.carbon.apimgt.keymgt/src/main/java/org/ >>> wso2/carbon/apimgt/keymgt/util/APIKeyMgtDataHolder.java#L107 >>> >>> Thanks, >>> Sam >>> >>> On Mon, Nov 20, 2017 at 8:16 AM, Pubudu Gunatilaka <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> Do we need to enable JWT in gateway node [1] in a fully distributed >>>> deployment where KM/IS is hosted separately? >>>> >>>> I can see the JWT is passed to the backend. >>>> >>>> *TID: [-1] [] [2017-11-20 10:37:31,347] DEBUG >>>>> {org.apache.synapse.transport.http.headers} - http-outgoing-1 >> >>>>> X-JWT-Assertion: *eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz >>>>> I1NiIsIng1dCI6ImFfamhOdXMyMUtWdW9GeDY1TG1rVzJPX2wxMCJ9.eyJod >>>>> HRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC9yb2xlIjpbIkludGVybmFsXC9zd >>>>> WJzY3JpYmVyIiwiSW50ZXJuYWxcL2NyZWF0b3IiLCJBcHBsaWNhdGlvblwvY >>>>> WRtaW5fRGVmYXVsdEFwcGxpY2F0aW9uX1BST0RVQ1RJT04iLCJJbnRlcm5hb >>>>> FwvcHVibGlzaGVyIiwiSW50ZXJuYWxcL2V2ZXJ5b25lIiwiYWRtaW4iXSwia >>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb250aWVyIjoiV >>>>> W5saW1pdGVkIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wva2V5dHlwZ >>>>> SI6IlBST0RVQ1RJT04iLCJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC92Z >>>>> XJzaW9uIjoidjEiLCJpc3MiOiJ3c28yLm9yZ1wvcHJvZHVjdHNcL2FtIiwia >>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb25uYW1lIjoiR >>>>> GVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc >>>>> 1wvZW5kdXNlciI6ImFkbWluQGNhcmJvbi5zdXBlciIsImh0dHA6XC9cL3dzb >>>>> zIub3JnXC9jbGFpbXNcL2VuZHVzZXJUZW5hbnRJZCI6Ii0xMjM0IiwiaHR0c >>>>> DpcL1wvd3NvMi5vcmdcL2NsYWltc1wvc3Vic2NyaWJlciI6ImFkbWluIiwia >>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdGllciI6IlVubGltaXRlZCIsI >>>>> mh0dHA6XC9cL3dzbzIub3JnXC9jbGFpbXNcL2FwcGxpY2F0aW9uaWQiOiIxI >>>>> iwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdXNlcnR5cGUiOiJBUFBMS >>>>> UNBVElPTiIsImV4cCI6MTUxMTE0NTQ0OSwiaHR0cDpcL1wvd3NvMi5vcmdcL >>>>> 2NsYWltc1wvYXBpY29udGV4dCI6IlwvZmRzYVwvdjEifQ==.ADG30dcwlxBa >>>>> N7Wxtixc5Wq/gZRj7nZrGHExn0E+7O4pZ6xTSjeVx7UrWSwj31vm7DjL+CvK >>>>> 07popxJqchT8+ACt303BkRxOKgfW66h/XmOxleUlXohQByUe6/7FTpnFRfyZ >>>>> 7jzttjZct39sBzHcNcyUAEqcl/HEt+eR62/dksM= >>>>> {org.apache.synapse.transport.http.headers} >>>>> *TID: [-1] [] [2017-11-20 10:37:31,348] DEBUG >>>>> {org.apache.synapse.transport.http.wire} - HTTP-Sender I/O dispatcher-1 >>>>> << >>>>> "X-JWT-Assertion: *eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz >>>>> I1NiIsIng1dCI6ImFfamhOdXMyMUtWdW9GeDY1TG1rVzJPX2wxMCJ9.eyJod >>>>> HRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC9yb2xlIjpbIkludGVybmFsXC9zd >>>>> WJzY3JpYmVyIiwiSW50ZXJuYWxcL2NyZWF0b3IiLCJBcHBsaWNhdGlvblwvY >>>>> WRtaW5fRGVmYXVsdEFwcGxpY2F0aW9uX1BST0RVQ1RJT04iLCJJbnRlcm5hb >>>>> FwvcHVibGlzaGVyIiwiSW50ZXJuYWxcL2V2ZXJ5b25lIiwiYWRtaW4iXSwia >>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb250aWVyIjoiV >>>>> W5saW1pdGVkIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wva2V5dHlwZ >>>>> SI6IlBST0RVQ1RJT04iLCJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC92Z >>>>> XJzaW9uIjoidjEiLCJpc3MiOiJ3c28yLm9yZ1wvcHJvZHVjdHNcL2FtIiwia >>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb25uYW1lIjoiR >>>>> GVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc >>>>> 1wvZW5kdXNlciI6ImFkbWluQGNhcmJvbi5zdXBlciIsImh0dHA6XC9cL3dzb >>>>> zIub3JnXC9jbGFpbXNcL2VuZHVzZXJUZW5hbnRJZCI6Ii0xMjM0IiwiaHR0c >>>>> DpcL1wvd3NvMi5vcmdcL2NsYWltc1wvc3Vic2NyaWJlciI6ImFkbWluIiwia >>>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdGllciI6IlVubGltaXRlZCIsI >>>>> mh0dHA6XC9cL3dzbzIub3JnXC9jbGFpbXNcL2FwcGxpY2F0aW9uaWQiOiIxI >>>>> iwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdXNlcnR5cGUiOiJBUFBMS >>>>> UNBVElPTiIsImV4cCI6MTUxMTE0NTQ0OSwiaHR0cDpcL1wvd3NvMi5vcmdcL >>>>> 2NsYWltc1wvYXBpY29udGV4dCI6IlwvZmRzYVwvdjEifQ==.ADG30dcwlxBa >>>>> N7Wxtixc5Wq/gZRj7nZrGHExn0E+7O4pZ6xTSjeVx7UrWSwj31vm7DjL+CvK >>>>> 07popxJqchT8+ACt303BkRxOKgfW66h/XmOxleUlXohQByUe6/7FTpnFRfyZ >>>>> 7jzttjZct39sBzHcNcyUAEqcl/HEt+eR62/dksM=[\r][\n]" >>>>> {org.apache.synapse.transport.http.wire} >>>> >>>> >>>> >>>> What is the need to enable JWT in gateway node? >>>> >>>> [1] - https://docs.wso2.com/display/AM210/Distributed+Deployment >>>> +of+API+Manager#DistributedDeploymentofAPIManager-Step3.5-Co >>>> nfiguretheGateway >>>> >>>> Thank you! >>>> -- >>>> *Pubudu Gunatilaka* >>>> Committer and PMC Member - Apache Stratos >>>> Senior Software Engineer >>>> WSO2, Inc.: http://wso2.com >>>> mobile : +94774078049 <%2B94772207163> >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> *Sam Sivayogam* >>> >>> Senior Software Engineer >>> Mobile : +94 772 906 439 >>> Office : +94 112 145 345 >>> *WSO2, Inc. :** wso2.com <http://wso2.com/>* >>> lean.enterprise.middleware. >>> >> >> >> >> -- >> *Pubudu Gunatilaka* >> Committer and PMC Member - Apache Stratos >> Senior Software Engineer >> WSO2, Inc.: http://wso2.com >> mobile : +94774078049 <%2B94772207163> >> >> > > > -- > Harsha Kumara > Software Engineer, WSO2 Inc. > Mobile: +94775505618 <+94%2077%20550%205618> > Blog:harshcreationz.blogspot.com > -- *Pubudu Gunatilaka* Committer and PMC Member - Apache Stratos Senior Software Engineer WSO2, Inc.: http://wso2.com mobile : +94774078049 <%2B94772207163>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
