Hi Colm, Yeah, you're right. It's required the token must be verified via signature and the issuer must be trusted as one of preconfigured issuers. Please look at the end to end test TokenLoginTestBase.java codes to see how it works. Also to note, there must be an armor ticket to make it work, that's why ANONYMOUS PKINIT is the next major goal to finish, because it can help obtain a ticket to use for the purpose.
Please feel free to fire issues, thanks for trying. We can get them fixed in RC2 if any. Regards, Kai -----Original Message----- From: Colm O hEigeartaigh [mailto:[email protected]] Sent: Wednesday, September 30, 2015 7:05 PM To: [email protected] Subject: Token PreAuth Hi all, I'm just playing around with the Token PreAuth functionality. I'm a bit confused as to how this works on the KDC side. How does the KDC verify that the JWT token is valid? I would have assumed that the token must be signed by a trusted issuer to be accepted by the KDC. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
