Which JWT security module are you using?

The main OIDC support is not published as part of GeoServer - instead
shared as source code for improvements like "jt+awt".
The existing source code is here
<https://github.com/geoserver/geoserver/tree/main/src/community/security/oauth2-openid-connect>,
so you have developer capacity to build and prepare a change yourself.

Migrating this to a newer version of spring-framework-6 is also a roadmap
planning
<https://geoserver.org/behind%20the%20scenes/2024/01/03/roadmap.html> topic
and we are looking for interested parties to assist.

There is also an isolated module
<https://github.com/geoserver/geoserver/blob/ce22d0d99c89bc265c64e61dda1340ce1ebf63ef/src/community/jwt-headers/README.md?plain=1>
that just focuses on the headers (requiring Apache or nginx to negotiate
OIDC).
--
Jody Garnett


On Jun 10, 2024 at 12:59:18 AM, "Ethelberg, Nicklas Kolls via
Geoserver-users" <geoserver-users@lists.sourceforge.net> wrote:

> Hey community
>
> We have a problem with securing some layers with our JWT token.
>
> The first problem we experience is that the Geoserver does not accept the
> typ header in the token. The typ header we use is “at+jwt” and not “JWT”.
>
> Another issue we might run into is that the payload of our token is
> encrypted.
>
> We do get our token verified by the userinfo endpoint, but then it fails.
>
> For reference, what we try to do is get the roles from the userinfo
> endpoint, with the encrypted token.
>
> Therefore it does not need to be read by the Geoserver.
>
> Thanks in advance
>
> Kind regards
>
> *Nicklas Kolls Ethelberg*
> Senior Software Developer
> Informatics
> WSP Danmark A/S
>
> _______________________________________________
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, by Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
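
The two symptoms raised in this thread (a `typ` of "at+jwt" being rejected, and an encrypted payload) can both be diagnosed from the token's first segment alone. The following is an added example, not code from GeoServer or from either poster; the `ACCEPTED_TYP` allow-list and all function names are assumptions, the sample tokens are constructed placeholders, and nothing here verifies a signature or decrypts anything.

```python
import base64
import json

# Assumption: this resource server wants RFC 9068 access tokens or plain JWTs.
ACCEPTED_TYP = {"at+jwt", "jwt"}


def b64url_decode(segment: str) -> bytes:
    """Decode the unpadded base64url used by JOSE compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def normalize_typ(typ):
    """RFC 7515 4.1.9: typ is a media type, compared case-insensitively,
    and the "application/" prefix may be omitted."""
    if not isinstance(typ, str):
        return None
    typ = typ.strip().lower()
    if typ.startswith("application/") and typ.count("/") == 1:
        typ = typ[len("application/"):]
    return typ


def inspect_token(token: str) -> dict:
    """Classify a compact token and check its typ against the allow-list."""
    parts = token.split(".")
    kind = {3: "JWS", 5: "JWE"}.get(len(parts))  # signed vs. encrypted
    if kind is None:
        raise ValueError("not a JOSE compact serialization")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    typ = normalize_typ(header.get("typ"))
    return {
        "kind": kind,
        "typ": typ,
        "typ_accepted": typ in ACCEPTED_TYP,
        # A JWE payload is ciphertext, so claims such as roles cannot be
        # read locally and have to come from elsewhere (e.g. userinfo).
        "claims_readable": kind == "JWS",
    }


def make_sample(header: dict, segments: int) -> str:
    """Build a constructed, token-shaped string with placeholder segments."""
    raw = json.dumps(header).encode()
    first = base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return ".".join([first] + ["AA"] * (segments - 1))
```

A validator that compares `typ` to the literal string "JWT" rejects both constructed samples used in the test, while the normalized allow-list comparison accepts "at+jwt" and "application/AT+JWT" alike.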