Re: [Geoserver-users] OAuth2 + OpenID + Token Audience Validation

Tue, 27 Jul 2021 03:03:38 -0700 

Hi Felipe,
I never heard of the "aud" claim before... but yes, I don't think there is
any code dealing with it (never had a need before).
If you want to add support for it, pull requests are welcomed. I guess this
check should be made configurable.

Cheers
Andrea

On Tue, Jul 27, 2021 at 12:40 AM Felipe Fraga <felipefr...@gmail.com> wrote:

> Hello all,
>
> I want to protect GeoServer OWS services with OpenID tokens. The OpenID
> filter does the trick, but unfortunately I have a widely used SSO, so I
> need to validate the tokens audience ("aud" claim) in JWT.
>
> I have experimented with it, and it seems to authorize users regardless of
> the audience the token was issued for.
>
> I checked the docs and also took a quick look at the source code but
> didn't see any reference to audience checks.
>
> Is this by design? Am I missing something?
>
> Thanks for any help you can provide,
>
> Best regards,
>
> Felipe Fraga
> _______________________________________________
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>

_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users






















					Reply via email to