[ https://issues.apache.org/jira/browse/KNOX-873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay resolved KNOX-873.
------------------------------
Resolution: Fixed
> JWTFederationFilter must Validate Expected Audiences
> ----------------------------------------------------
>
> Key: KNOX-873
> URL: https://issues.apache.org/jira/browse/KNOX-873
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Labels: kip-4
> Fix For: 0.12.0
>
>
> When a KnoxToken service configuration includes a particular audience or list
> of audiences, it is intended for use with endpoints that are protected by a
> provider that will validate that it/they are contained in the audience claims
> of the token.
> This is done so that tokens issued by a KnoxToken service in a particular
> topology can be used only with specifically configured topologies. This can
> be used to constrain the number of services that clients have access to.
> JWTFederationFilter currently does not validate the presence of the expected
> audience claims.
> Must try and leverage existing code for the same capabilities from within the
> SSOCookieProvider.
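The audience check the issue asks for, as an added Python sketch that is not part of the original message and is not Apache Knox code. It assumes the token's signature and expiry were already verified upstream, that the expected audiences arrive as a comma-separated configuration string, and that an empty list means no restriction is configured; all function names and the audience values `tokenbased` and `sandbox` are constructed for illustration.

```python
import base64
import json


def decode_claims(token):
    """Return the claims of a compact JWS. Signature checking is NOT done here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("claims are not a JSON object")
    return claims


def token_audiences(claims):
    """RFC 7519: "aud" is either a single string or an array of strings."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return aud
    return []  # missing or malformed "aud" matches nothing


def parse_expected(config_value):
    """Split the (assumed) comma-separated expected-audience setting."""
    return [a.strip() for a in (config_value or "").split(",") if a.strip()]


def audience_ok(token, expected_config):
    """Accept only if the token carries at least one expected audience."""
    expected = parse_expected(expected_config)
    if not expected:
        return True  # assumption: nothing configured means no restriction
    return any(a in expected for a in token_audiences(decode_claims(token)))


def make_token(claims):
    """Constructed sample token: placeholder signature, for the demo only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    tok = make_token({"sub": "guest", "aud": ["tokenbased"]})
    print(audience_ok(tok, "tokenbased"), audience_ok(tok, "sandbox"))
```

A token with no `aud` claim is rejected whenever any expected audience is configured, which is the case a filter that skips this check would silently accept.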