[
https://issues.apache.org/jira/browse/KNOX-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16205901#comment-16205901
]
Larry McCay commented on KNOX-1067:
-----------------------------------
LGTM, [~coheigea]!
+1
> Support different signature algorithms for JWTs
> -----------------------------------------------
>
> Key: KNOX-1067
> URL: https://issues.apache.org/jira/browse/KNOX-1067
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 0.14.0
>
> Attachments:
> 0001-KNOX-1067-Support-different-signature-algorithms-for.patch
>
>
> Right now, the Knox SSO and Token services can only issue tokens signed with
> RS256. This task is to support a wider range of signature algorithms.
> The following changes are proposed:
> a) The Knox Token Service has a new configuration parameter
> "knox.token.sigalg" which defaults to "RS256".
> b) The Knox SSO Service has a new configuration parameter
> "knoxsso.token.sigalg" which defaults to "RS256".
> c) The DefaultTokenAuthorityService checks the signing algorithm against a
> pre-defined list, which is all of the RSA algorithms (RS* and PS*) from the
> JWA spec.
> d) The JWTFederationFilter + the SSOCookieFederationFilter have a new
> configuration parameter "jwt.expected.sigalg" which defaults to "RS256". The
> received token must be signed with the algorithm that is configured for this
> value.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
