Larry McCay created AMBARI-15479:
------------------------------------
Summary: JwtAuthenticationFilter needs to accommodate null JWT
expiration time
Key: AMBARI-15479
URL: https://issues.apache.org/jira/browse/AMBARI-15479
Project: Ambari
Issue Type: Bug
Components: ambari-server
Reporter: Larry McCay
Current validation of the JWT token within the SSO cookie interprets no
expiration date as expired and redirects to acquire a new cookie. In the JWT
specification exp is an optional claim however. KnoxSSO is leveraging this to
mean that the token lifecycle should be tied to that of the SSO cookie itself
and not timeout from underneath the cookie.
This minor change will allow null expiration times within the JWT token to be
considered valid.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
