Hi Dinusha, JWT improvement(define a new interface and abstract class so that now we can implement the abstract class as an extension point.) is done. How could we deal with JWT signing? Please instruct me.
*Sajith Abeywardhana* | Software Engineer WSO2, Inc | lean. enterprise. middleware. #20, Palm Grove, Colombo 03, Sri Lanka. Mobile: +94772260485 Email: [email protected] | Web: www.wso2.com On Wed, Aug 12, 2015 at 11:55 AM, Dinusha Senanayaka <[email protected]> wrote: > [Adding Prabath] > > In API Manager, JWT is generated as a part of key validation process (key > manager) , hence the JWT is signed by KeyManager (IdP). But in App Manager, > JWT generation happens at the gateway using the SAML response sent by IdP. > Since GW is the one generating JWT, problem is how we are going to get it > signed by IdP. Seems it's a valid requirement. > > > On Wed, Aug 12, 2015 at 11:45 AM, Sajith Abeywardhana <[email protected]> > wrote: > >> Hi all, >> >> AppM use JWT for transfer claims between AppM gateway and the backend >> application. JWT has been generated by extracting user claims from the SAML >> response which is provided by the IDP. Currently JWT is signed by the AppM >> gateway but not by the IDP. >> >> I think we need to sign the JWT by using the IDP, WDYT? >> >> *Sajith Abeywardhana* | Software Engineer >> WSO2, Inc | lean. enterprise. middleware. >> #20, Palm Grove, Colombo 03, Sri Lanka. >> Mobile: +94772260485 >> Email: [email protected] | Web: www.wso2.com >> > > > > -- > Dinusha Dilrukshi > Associate Technical Lead > WSO2 Inc.: http://wso2.com/ > Mobile: +94725255071 > Blog: http://dinushasblog.blogspot.com/ >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
