[
https://issues.apache.org/jira/browse/AMBARI-15479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated AMBARI-15479:
---------------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
> JwtAuthenticationFilter needs to accommodate null JWT expiration time
> ---------------------------------------------------------------------
>
> Key: AMBARI-15479
> URL: https://issues.apache.org/jira/browse/AMBARI-15479
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Attachments: AMBARI-15479-001.patch, AMBARI-15479-002.patch,
> AMBARI-15479-003.patch
>
>
> Current validation of the JWT token within the SSO cookie interprets no
> expiration date as expired and redirects to acquire a new cookie. In the JWT
> specification exp is an optional claim however. KnoxSSO is leveraging this to
> mean that the token lifecycle should be tied to that of the SSO cookie itself
> and not timeout from underneath the cookie.
> This minor change will allow null expiration times within the JWT token to be
> considered valid.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
