Hi Kai, Thanks for your reply.
Actually the TokenLoginTestBase tests were not actually run as part of the maven build as they don't end in "Test" - now fixed :-) I'm still not clear on a few points... > It's required the token must be verified via signature The JWT tokens themselves are not actually signed in the test though (using JWS). Are you referring to a different signature scheme? > and the issuer must be trusted as one of preconfigured issuers. Where is this configured? In the "TokenLoginWithTokenPreauthEnabledTest" I modified the issuer in the "issueToken" method + the test still passed. Colm. On Wed, Sep 30, 2015 at 1:38 PM, Zheng, Kai <[email protected]> wrote: > Hi Colm, > > Yeah, you're right. It's required the token must be verified via signature > and the issuer must be trusted as one of preconfigured issuers. > Please look at the end to end test TokenLoginTestBase.java codes to see > how it works. > Also to note, there must be an armor ticket to make it work, that's why > ANONYMOUS PKINIT is the next major goal to finish, because it can help > obtain a ticket to use for the purpose. > > Please feel free to fire issues, thanks for trying. We can get them fixed > in RC2 if any. > > Regards, > Kai > > -----Original Message----- > From: Colm O hEigeartaigh [mailto:[email protected]] > Sent: Wednesday, September 30, 2015 7:05 PM > To: [email protected] > Subject: Token PreAuth > > Hi all, > > I'm just playing around with the Token PreAuth functionality. I'm a bit > confused as to how this works on the KDC side. How does the KDC verify that > the JWT token is valid? I would have assumed that the token must be signed > by a trusted issuer to be accepted by the KDC. > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
