[jira] [Created] (DIRKRB-436) KDC accepts an unsigned JWT token

Colm O hEigeartaigh (JIRA) Wed, 21 Oct 2015 09:42:06 -0700

Colm O hEigeartaigh created DIRKRB-436:
------------------------------------------


             Summary: KDC accepts an unsigned JWT token
                 Key: DIRKRB-436
                 URL: https://issues.apache.org/jira/browse/DIRKRB-436
             Project: Directory Kerberos
          Issue Type: Bug
            Reporter: Colm O hEigeartaigh
             Fix For: 1.0.0-RC2



The KDC accepts an unsigned token + does not fail validation. It should insist 
on a signed token. See the @Ignore'd test "testUnsignedToken" in 
WithAccessTokenKdcTest / WithIdentityTokenKdcTest.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (DIRKRB-436) KDC accepts an unsigned JWT token

Reply via email to