[jira] [Commented] (JAMES-3455) Configurable login field in jwt token authentication.

Fri, 03 Sep 2021 21:55:09 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-3455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17409806#comment-17409806
 ] 

Benoit Tellier commented on JAMES-3455:
---------------------------------------

Hello [~andreasvaldma]

How did you succeed to customised the field in the JWT token?

Do you have a code change to share regarding this?

This could be useful to others too - I think being able to do so could enable 
quick support of SSO solutions like Keycloack (also configuring challenges migh 
be required) though SLO might need more work (to maintain a session invalidated 
via for instance a endpoint called by keycloak upon logout).

I'm thus curious about your setup regarding this and happy if some of it can 
land in the Apache project.

Regards,

Benoit

> Configurable login field in jwt token authentication.
> -----------------------------------------------------
>
>                 Key: JAMES-3455
>                 URL: https://issues.apache.org/jira/browse/JAMES-3455
>             Project: James Server
>          Issue Type: Wish
>            Reporter: Andreas Valdma
>            Priority: Minor
>
> We have a production system that uses jwt tokens. Unfortunately the subject 
> field in our JWT token has a different value than we want for our emails. We 
> are thinking of adding an additional field like "email" to the JWT token and 
> making a new configuration key for james, that shows from which field to load 
> the user's name. Currently the username is read from the "sub" field.
> We propose making it configurable, from which field the JwtTokenVerifier 
> extracts the login from the JWT token.
> For example, in case of a JWT token content:
> {code:java}
> {
>  "sub": "1234567890",
>  "name": "John Doe",
>  "iat": 1516239022,
>  "email": "abcdefg...@example.com"
> }{code}
> I'd configure the login field as "email", then "abcdefg...@example.com" will 
> be extracted as the login for the user.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to