[
https://issues.apache.org/jira/browse/KNOX-3347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18089400#comment-18089400
]
ASF subversion and git services commented on KNOX-3347:
-------------------------------------------------------
Commit 5d410895d452a6fe8b270a59ffce8d3a48237160 in knox's branch
refs/heads/master from Larry McCay
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=5d410895d ]
KNOX-3347 - Introduce TokenExchangePrincipal for extending Act claim … (#1262)
* KNOX-3347 - Introduce TokenExchangePrincipal for extending Act claim for
token_exchange
> Introduce TokenExchangePrincipal for extending Act claim for token_exchange
> ---------------------------------------------------------------------------
>
> Key: KNOX-3347
> URL: https://issues.apache.org/jira/browse/KNOX-3347
> Project: Apache Knox
> Issue Type: Improvement
> Components: JWT
> Reporter: Larry McCay
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Currently, the ActorChainPrincipal includes whatever act chain was in the
> Subject token from the token_exchange. The presence of the
> ImpersonatedPrincipal is currently only added by the identity assertion
> provider based on a doAs and proxyuser based impersonation. This is required
> for the new actor to be added to the nested 'act' claim.
> Let's add not the use of the TokenExchangePrincipal to the identity assertion
> logic that sets the ImpersonatedPrincipal in addition to the doAs pattern.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
