[
https://issues.apache.org/jira/browse/AMBARI-15479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15247927#comment-15247927
]
Robert Levas commented on AMBARI-15479:
---------------------------------------
Committed to trunk
{noformat}
commit c36e4589197f64dd2f834abf9459d1a1a6d57d29
Author: Larry McCay <[email protected]>
Date: Tue Apr 19 10:54:51 2016 -0400
{noformat}
> JwtAuthenticationFilter needs to accommodate null JWT expiration time
> ---------------------------------------------------------------------
>
> Key: AMBARI-15479
> URL: https://issues.apache.org/jira/browse/AMBARI-15479
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Attachments: AMBARI-15479-001.patch, AMBARI-15479-002.patch,
> AMBARI-15479-003.patch
>
>
> Current validation of the JWT token within the SSO cookie interprets no
> expiration date as expired and redirects to acquire a new cookie. In the JWT
> specification exp is an optional claim however. KnoxSSO is leveraging this to
> mean that the token lifecycle should be tied to that of the SSO cookie itself
> and not timeout from underneath the cookie.
> This minor change will allow null expiration times within the JWT token to be
> considered valid.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
