[Adding Prabath] In API Manager, JWT is generated as a part of key validation process (key manager) , hence the JWT is signed by KeyManager (IdP). But in App Manager, JWT generation happens at the gateway using the SAML response sent by IdP. Since GW is the one generating JWT, problem is how we are going to get it signed by IdP. Seems it's a valid requirement.
On Wed, Aug 12, 2015 at 11:45 AM, Sajith Abeywardhana <[email protected]> wrote: > Hi all, > > AppM use JWT for transfer claims between AppM gateway and the backend > application. JWT has been generated by extracting user claims from the SAML > response which is provided by the IDP. Currently JWT is signed by the AppM > gateway but not by the IDP. > > I think we need to sign the JWT by using the IDP, WDYT? > > *Sajith Abeywardhana* | Software Engineer > WSO2, Inc | lean. enterprise. middleware. > #20, Palm Grove, Colombo 03, Sri Lanka. > Mobile: +94772260485 > Email: [email protected] | Web: www.wso2.com > -- Dinusha Dilrukshi Associate Technical Lead WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
