[ https://issues.apache.org/jira/browse/KNOX-3040?focusedWorklogId=925238&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925238 ]
ASF GitHub Bot logged work on KNOX-3040: ---------------------------------------- Author: ASF GitHub Bot Created on: 10/Jul/24 10:32 Start Date: 10/Jul/24 10:32 Worklog Time Spent: 10m Work Description: moresandeep commented on code in PR #924: URL: https://github.com/apache/knox/pull/924#discussion_r1672031543 ########## gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/JWTMessages.java: ########## @@ -123,4 +123,7 @@ public interface JWTMessages { @Message( level = MessageLevel.INFO, text = "Token verification result using knox signing cert, verified: {0}" ) void signingKeyVerificationResultMessage(boolean verified); + + @Message(level = MessageLevel.ERROR, text = "Invalid URL ignored. Not a valid JWKS url {0}") + void notValidJwksUrl(String jwksUrl); Review Comment: Ahh, yes! Issue Time Tracking ------------------- Worklog Id: (was: 925238) Time Spent: 1h 10m (was: 1h) > Support multiple ways to verify JWT tokens > ------------------------------------------ > > Key: KNOX-3040 > URL: https://issues.apache.org/jira/browse/KNOX-3040 > Project: Apache Knox > Issue Type: Bug > Reporter: Sandeep More > Assignee: Sandeep More > Priority: Major > Fix For: 2.1.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > Currently we can only have one way to validate JWT token either > # Using JWKS endpoint > # Using PEM > # Using the signing-key > We should be able to support multiple verifications together. > This is an example configuration > {code:java} > <provider> > <role>federation</role> > <name>JWTProvider</name> > <enabled>true</enabled> > <param> > <name>knox.token.use.cookie</name> > <value>true</value> > </param> > > <param> > <name>knox.token.jwks.url</name> > <value>https://my.idp.com/oauth/.wellknown</value> > </param> > <param> > <name>knox.token.verification.pem</name> > > <value>MIIDaDCCAlCgAwIBAgIJAKFjn6W+gdAXMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMQ0wC...</value> > </param> > <param> > <name>jwt.expected.issuer</name> > <value>https://my.idp.com/</value> > </param> > <param> > <name>knox.token.use.cookie</name> > <value>true</value> > </param> > </provider> > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)