Balazs Marton created KNOX-2775:
-----------------------------------
Summary: Using managed token without setting
knox.token.exp.server-managed to true in the topology
Key: KNOX-2775
URL: https://issues.apache.org/jira/browse/KNOX-2775
Project: Apache Knox
Issue Type: Bug
Reporter: Balazs Marton
Recreating the bug:
Configure a topology with jwt federation provider where
"knox.token.exp.server-managed" is NOT set to "true".
Create a token using the token management site and set it to disabled.
The expected response after using the disabled token would be 401, but instead
it successfully authenticates.
We should consider denying managed tokens on a topology where
"knox.token.exp.server-managed" is not set to "true" and inform the user with
an error message.
{code:java}
"providers": [
  {
    "role": "federation",
    "name": "JWTProvider",
    "enabled": "true",
    "params": {}
  }
]
{code}
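A configuration check for the condition in this report, as an added example that is not part of the original issue or of Apache Knox: it scans a provider configuration in the JSON shape shown above and flags every enabled JWTProvider federation provider whose params do not set "knox.token.exp.server-managed" to "true". The function names and both sample documents are constructed, and the check assumes the setting is supplied only through the provider's params and that a provider without an "enabled" key counts as enabled.

```python
import json

PARAM = "knox.token.exp.server-managed"  # parameter named in the report

def audit_providers(doc):
    """Return (index, reason) for each enabled JWTProvider lacking PARAM=true."""
    findings = []
    for idx, prov in enumerate(doc.get("providers", [])):
        if prov.get("role") != "federation" or prov.get("name") != "JWTProvider":
            continue
        # Assumption: a missing "enabled" key is treated as enabled (conservative).
        if str(prov.get("enabled", "true")).strip().lower() != "true":
            continue
        params = prov.get("params") or {}
        value = params.get(PARAM)
        if value is None:
            findings.append((idx, "missing"))
        elif str(value).strip().lower() != "true":
            findings.append((idx, "set to %r" % (value,)))
    return findings

def audit_text(text):
    """Parse a JSON provider configuration and audit it."""
    return audit_providers(json.loads(text))

# Constructed sample: the configuration from the report, wrapped in an object.
WEAK_SAMPLE = """
{"providers": [
  {"role": "federation", "name": "JWTProvider", "enabled": "true", "params": {}}
]}
"""

# Constructed sample: one corrected provider, one explicit "false", one disabled.
MIXED_SAMPLE = """
{"providers": [
  {"role": "federation", "name": "JWTProvider", "enabled": "true",
   "params": {"knox.token.exp.server-managed": "true"}},
  {"role": "federation", "name": "JWTProvider", "enabled": "true",
   "params": {"knox.token.exp.server-managed": "false"}},
  {"role": "federation", "name": "JWTProvider", "enabled": "false", "params": {}}
]}
"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK_SAMPLE), ("mixed", MIXED_SAMPLE)):
        for idx, reason in audit_text(sample):
            print("%s: provider #%d: %s is %s" % (label, idx, PARAM, reason))
```

A finding means managed tokens presented to that topology would be validated without consulting their server-side state, which is the behaviour the report describes.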