[
https://issues.apache.org/jira/browse/DIRKRB-654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16155106#comment-16155106
]
Kai Zheng commented on DIRKRB-654:
----------------------------------
Hi Colm,
I suddenly thought of a question: if we can put the token in the authorization
data entry as a field in a service ticket, why would we need to change GSSAPI
layer? Note, in service/server side, it's supported to allow to query authz
data from kerberos ticket, IIRC.
> Add support to receive a JWT AccessToken via the GSS API
> --------------------------------------------------------
>
> Key: DIRKRB-654
> URL: https://issues.apache.org/jira/browse/DIRKRB-654
> Project: Directory Kerberos
> Issue Type: Task
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.1.0
>
> Attachments: DIRKRB-654.patch
>
>
> https://issues.apache.org/jira/browse/DIRKRB-651 added support to send a JWT
> Access Token via the GSS API. This task is to add support to receive it. The
> AuthorizationDataEntry values are converted to KrbTokens, which are in turn
> set as a public credential on the JAAS Subject.
> Question: Is this the correct place to store the received AuthorizationData
> entries? I don't think it's right to store the JWT Tokens on the JAAS Subject
> of the receiver....
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
