Larry McCay created KNOX-873:
--------------------------------
Summary: JWTFederationFilter must Validate Expected Audiences
Key: KNOX-873
URL: https://issues.apache.org/jira/browse/KNOX-873
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 0.12.0

When a KnoxToken service configuration includes a particular audience or list
of audiences it is intended for use with endpoints that are protected by a
provider that will validate that it/they are contained in the audience claims
of the token.

This is done so that tokens issued by a KnoxToken service in a particular
topology can be used only with specifically configured topologies. This can be
used to constrain the number of services that clients have access to.

JWTFederationFilter currently does not validate the presence of the expected
audience claims.

Must try and leverage existing code for the same capabilities from within the
SSOCookieProvider.
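The audience check this issue asks for, as an added example: it is not Apache Knox source and not the fix that was committed. The class and method names, the comma-separated configuration format, the sample audience values, and the choice to accept any token when no audiences are configured are all assumptions made for illustration.

```java
import java.util.*;

// Added illustration, not Apache Knox code. All names here are hypothetical.
public class ExpectedAudienceCheck {
    private final Set<String> expected;

    // configValue: comma-separated expected audiences from the provider
    // configuration (assumed format); null or blank means none configured.
    ExpectedAudienceCheck(String configValue) {
        Set<String> parsed = new LinkedHashSet<>();
        if (configValue != null) {
            for (String a : configValue.split(",")) {
                String trimmed = a.trim();
                if (!trimmed.isEmpty()) parsed.add(trimmed);
            }
        }
        expected = Collections.unmodifiableSet(parsed);
    }

    // audClaim: the decoded "aud" claim of a token whose signature and expiry
    // have already been verified. RFC 7519 allows "aud" to be either a single
    // string or an array of strings, so both shapes are handled.
    boolean accepts(Object audClaim) {
        if (expected.isEmpty()) return true; // assumption: no restriction configured
        if (audClaim instanceof String) return expected.contains(audClaim);
        if (audClaim instanceof Collection) {
            for (Object a : (Collection<?>) audClaim) {
                if (a instanceof String && expected.contains(a)) return true;
            }
        }
        return false; // missing, empty or malformed "aud" is rejected
    }

    public static void main(String[] args) {
        // Constructed sample configuration and claims.
        ExpectedAudienceCheck check = new ExpectedAudienceCheck("topology-a, topology-b");
        System.out.println("single match:    " + check.accepts("topology-a"));
        System.out.println("array match:     " + check.accepts(Arrays.asList("other", "topology-b")));
        System.out.println("wrong audience:  " + check.accepts("topology-c"));
        System.out.println("missing aud:     " + check.accepts(null));
        System.out.println("empty aud array: " + check.accepts(Collections.emptyList()));
        System.out.println("unconfigured:    " + new ExpectedAudienceCheck(null).accepts(null));
    }
}
```

The comparison is exact and case-sensitive, and a token with no `aud` claim fails closed once any expected audience is configured.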