On Sun, Feb 23, 2020 at 8:22 PM Amali Matharaarachchi <ama...@wso2.com>
wrote:

> Hi all,
>
> We will support multiple JWT issuers as in the following configuration.
> Ballerina 1.1.2 provided the array-of-maps functionality for the TOML
> configuration file.
> To validate subscription at the issuer level, the subscription validation
> logic will be moved from the subscription filter to the JWT authentication
> handler.
>
+1. This should be similar to API keys as well, since subscription filter
is removed.

> I appreciate your thoughts on this.
>
> # Issuer 1
> [[jwtTokenConfig]]
>   issuer = "https://localhost:9443/oauth2/token"
>   audience = "http://org.wso2.apimgt/gateway"
>   certificateAlias = "wso2apim"
>   validateSubscription = false
> # Issuer 2
> [[jwtTokenConfig]]
>   issuer = "https://host/issuer2"
>   audience = "http://org.wso2.apimgt/gateway"
>   certificateAlias = "alias"
>   validateSubscription = false
>
> [1] PR - https://github.com/wso2/product-microgateway/pull/1023/
>
> Thanks,
>
> On Mon, Dec 16, 2019 at 9:58 AM Rajith Roshan <raji...@wso2.com> wrote:
>
>>
>>
>> On Fri, Dec 13, 2019 at 10:02 PM Harsha Kumara <hars...@wso2.com> wrote:
>>
>>>
>>>
>>> On Fri, Dec 13, 2019 at 12:30 PM Rajith Roshan <raji...@wso2.com> wrote:
>>>
>>>> Hi all,
>>>> In microgateway 3.0.2 version we only support JWT tokens issued by a
>>>> single issuer. (The current config [1]). But there can be use cases where
>>>> microgateways need to support JWTs issued by multiple issuers (STS).
>>>> So we are planning to support the multiple issuers with
>>>> jballerina update of the microgateway. For each new issuer defined in the
>>>> config, authentication handler will be registered during the mgw startup
>>>> and each token will be validated by each handler until the correct handler
>>>> is found for that particular issuer of the token.
>>>> We are planning to extend the configuration as below [2].
>>>> Ideally the config should look like [3]. But in ballerina right now
>>>> there is a limitation in the config API in order to read the array objects
>>>> from the toml files.
>>>> Please find the github issue [4].
>>>> Please share your thoughts about this.
>>>>
>>> Looks fine till we get this fixed from Ballerina. But this will
>>> involve a migration when it's fixed. How soon can we get this fixed
>>> from Ballerina and proceed with the [3]?
>>>
>> Seems like this will be available [1] in Ballerina 1.1.1. I think we can
>> use the array functionality once it is available. @Pubudu Fernando
>> <pubu...@wso2.com> is there any rough date when this would be available?
>>
>> [1] -
>> https://github.com/ballerina-platform/ballerina-lang/issues/10633#issuecomment-565413239
>>
>>>
>>>> [1] -
>>>> [jwtTokenConfig]
>>>> issuer="https://localhost:9443/oauth2/token"
>>>> audience="http://org.wso2.apimgt/gateway"
>>>> certificateAlias="wso2apim"
>>>>
>>>> [2]
>>>> [jwtTokenConfig]
>>>> issuer="https://localhost:9443/oauth2/token"
>>>> audience="http://org.wso2.apimgt/gateway"
>>>> certificateAlias="wso2apim"
>>>>
>>>> [jwtTokenConfig1]
>>>> issuer="issuer1"
>>>> audience="aud1"
>>>> certificateAlias="alias1"
>>>>
>>>> [jwtTokenConfig2]
>>>> issuer="issuer2"
>>>> audience="aud2"
>>>> certificateAlias="alias2"
>>>>
>>>> [3]
>>>> [[jwtTokenConfig]]
>>>> issuer="https://localhost:9443/oauth2/token"
>>>> audience="http://org.wso2.apimgt/gateway"
>>>> certificateAlias="wso2apim"
>>>>
>>>> [[jwtTokenConfig]]
>>>> issuer="issuer1"
>>>> audience="aud1"
>>>> certificateAlias="alias1"
>>>>
>>>> [[jwtTokenConfig]]
>>>> issuer="issuer2"
>>>> audience="aud2"
>>>> certificateAlias="alias2"
>>>>
>>>> [4] - https://github.com/wso2/product-microgateway/issues/271
>>>>
>>>> Thanks!
>>>> Rajith
>>>> --
>>>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>>>> (m) +94-717-064-214 |  (e) raji...@wso2.com <shen...@wso2.com>
>>>> blog: http://www.rajithr.com
>>>>
>>>> <https://wso2.com/signature>
>>>>
>>>
>>>
>>> --
>>>
>>> *Harsha Kumara*
>>>
>>> Technical Lead, WSO2 Inc.
>>> Mobile: +94775505618
>>> Email: hars...@wso2.coim
>>> Blog: harshcreationz.blogspot.com
>>>
>>>
>>
>>
>>
>
>
> --
> *Amali Lakshika*
> Software Engineer
> WSO2 Inc.: https://wso2.com
> lean.enterprise.middle-ware
> mobile: +94 71 932 1861
> skype: amali.94d
>
>


-- 
*Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
(m) +94-717-064-214 |  (e) raji...@wso2.com <shen...@wso2.com>
blog: http://www.rajithr.com

<https://wso2.com/signature>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
