Hi Senaka,

It's not just about enabling/disabling JWT. We also have options of caching the JWT, specifying custom claims to be included in the JWT, extending the JWT generator implementation to include custom attributes, etc. All these are provided through the configuration on the KM since it's the KM who actually would have access to user claims, application data, etc. The Gateway just passes whatever information is generated by the KM as the JWT to the back-end.

Thanks,
NuwanD.

On Mon, Aug 3, 2015 at 6:02 PM, Senaka Fernando <[email protected]> wrote:

> Hi John,
>
> I think the IS sends back the JWT, but when you use IS as the key manager,
> shouldn't it be the API-M that requests for the JWT from IS? And,
> regardless of that the setting should be done at the API-M GW IMO, because
> that's what creates the JWT and passes on to the ESB for instance. I think
> it has to happen that way, especially with external KMs used and all.
> Therefore, I think this setting should be done on the API-M GW-side (if I
> understood correctly).
>
> AM team, what's your thoughts on this?
>
> Thanks,
> Senaka.
>
> On Mon, Aug 3, 2015 at 11:47 AM, John Hawkins <[email protected]> wrote:
>
>> Hi Folks,
>>
>> I've just been following these instructions [1] to get the API-M talking
>> to the Identity server. I am confused as to why I have set JWT on in the
>> Identity servers api-manager.xml [2] and not just in the API-M? Isn't it
>> the API-M sending JWT out rather than the IS ? Can someone explain to me
>> what's going on under-the-hood please?
>>
>> [1]
>> https://docs.wso2.com/display/CLUSTER420/Configuring+the+Pre-Packaged+Identity+Server+5.0.0+with+API+Manager+1.9.0
>>
>> [2] Bullet 7: JWT configuration must be done in the
>> <IS_HOME>/repository/conf/api-manager.xml file in the Identity Server.
>>
>> many thanks,
>> John.
>>
>> John Hawkins
>> Director: Solutions Architecture
>
> --
> Senaka Fernando
> Solutions Architect; WSO2 Inc.; http://wso2.com
> Member; Apache Software Foundation; http://apache.org
> E-mail: senaka AT wso2.com
> P: +1 408 754 7388; ext: 51736
> M: +44 782 741 1966
> Linked-In: http://linkedin.com/in/senakafernando
> Lean . Enterprise . Middleware

--
Nuwan Dias
Technical Lead - WSO2, Inc.
http://wso2.com
email : [email protected]
Phone : +94 777 775 729

_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
