Alexander Rettner created TOMEE-2533:
----------------------------------------
Summary: Compliance with MicroProfile JWT Auth
Key: TOMEE-2533
URL: https://issues.apache.org/jira/browse/TOMEE-2533
Project: TomEE
Issue Type: Bug
Components: TomEE Core Server
Affects Versions: 8.0.0-M2
Reporter: Alexander Rettner
The Specification of MicroProfile JWT RBAC requests that an issuer claim must
be present in the token and valid. But TomEE is in the tested version 8.0.0-M2
not compliant with respect to MP.
The specification says exactly:"The {{mp.jwt.verify.issuer}} config property
allows for the expected value of the {{iss}} claim to be specified. A
MicroProfile JWT implementation must verify the {{iss}} claim of incoming JWTs
is present and matches the configured value of {{mp.jwt.verify.issuer}}."
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)