[
https://issues.apache.org/jira/browse/DIRKRB-435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14968722#comment-14968722
]
Jiajia Li commented on DIRKRB-435:
----------------------------------
Hi Colm,
The audience validation is in server side TokenPreauth#113 line, server
principal will compare with audiences, and in the TgsRequest the server
principal is service principal, so I change the test with a wrong service
principal. Is that ok?
commit 3cec9dc02ff630d3ad4eea563c384afc84ff6cb7
Author: plusplus_jiajia <[email protected]>
Date: Thu Oct 22 14:56:16 2015 +0800
DIRKRB-435 JWT Audience restriction validation is not working.
> JWT Audience restriction validation is not working
> --------------------------------------------------
>
> Key: DIRKRB-435
> URL: https://issues.apache.org/jira/browse/DIRKRB-435
> Project: Directory Kerberos
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Fix For: 1.0.0-RC2
>
>
> When specifying a different JWT audience restriction value in the tests,
> validation is not failing. See the @Ignored test "testBadAudienceRestriction"
> in WithAccessTokenKdcTest/WithIdentityTokenKdcTest in the source.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
