Hi Michael,

It seems there is a consensus for disabling the JWT feature OOTB and it makes 
sense after testing with Postman.
Rest inline:

Le 22/01/2019 à 07:43, Michael Brohl a écrit :
2. the functionality to have a single sign on between two OFBiz
instances will only be used in rare cases (I think). It is only designed
for this special case and cannot be used for standard single sign on
scenarios with other systems.

If we make this feature implicitly non-operational, what about showing it in 
I guess showing it should depend of the property which switch on/off the JWT 

3. if it is not used, it will still try to read the authorization
header, key etc. *on every request*

Yes, that's not a problem it's only few ms (if even) as long as there is no JWT 
passed. Else all the other pre-processors would also be concerned...


Reply via email to