Hello all,

I want to protect GeoServer OWS services with OpenID tokens. The OpenID
filter does the trick, but unfortunately I have a widely used SSO, so I
need to validate the token's audience ("aud" claim) in the JWT.

I have experimented with it, and it seems to authorize users regardless of
the audience the token was issued for.

I checked the docs and also took a quick look at the source code but didn't
see any reference to audience checks.

Is this by design? Am I missing something?

Thanks for any help you can provide,

Best regards,

Felipe Fraga
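
An added example, not part of the original post and not GeoServer code: the kind of audience check the question asks about, following RFC 7519, where "aud" may be a single string or an array of strings. The HS256 key, the audience name `geoserver-ows` and the tokens are constructed for the demo; expiry and issuer checks are left out.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"        # constructed; a real SSO would normally use RS256/JWKS
EXPECTED_AUD = "geoserver-ows"       # hypothetical audience registered for this service

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key=KEY):
    """Build a constructed HS256 token so the example runs offline."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify(token, key=KEY, expected_aud=EXPECTED_AUD):
    """Return the claims only if the signature is valid AND aud names this service."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        sig_bytes = b64url_decode(sig)
    except (ValueError, TypeError):
        raise ValueError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":          # pin the algorithm, never trust the header
        raise ValueError("unexpected alg")
    good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, sig_bytes):
        raise ValueError("bad signature")
    # A valid signature only proves the SSO issued the token, not that it was
    # issued for this service. Policy choice here: a missing aud is rejected too.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or expected_aud not in audiences:
        raise ValueError("audience mismatch")
    return claims

def accepted(token):
    try:
        verify(token)
        return True
    except ValueError:
        return False
```

With a shared SSO, every token below carries a valid signature; only the audience comparison separates tokens meant for this service from tokens issued to other applications.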