Hi Colm, For the first question: I think now the token has not been put into the issued service ticket as authorization data. You can look at issueTicket()#TgsRequest.java in server side for detail.
Regards, Jiajia -----Original Message----- From: Colm O hEigeartaigh [mailto:[email protected]] Sent: Thursday, June 16, 2016 7:19 PM To: [email protected] Subject: Re: JWT pre-authentication - get JWT token on service side Thanks Kai. A few questions below. On Thu, Jun 16, 2016 at 11:33 AM, Zheng, Kai <[email protected]> wrote: > > 1. For issuing service ticket, the token used to do the authentication > or a token derivation was put into the issued service ticket as > authorization data. I'm not sure in current Kerby impl, it has done > this or not. If not, it should be not difficult to support it, > considering we have some Kerby authorization support now. > I can take a look at this. Can you give me some pointers in the code so that I know where to start? > > 2. In application server side, it should be able to query and extract > out the token encapsulated in the authorization data field in the > service ticket. This should be doable now, because a proposal from me > quite some ago had already been accepted by Oracle Java, as recorded > in the following ticket, though I hadn't got the chance to verify it > using latest JDK update like JDK8. > > JDK-8044085, our extension proposal accepted and committed: allowing > querying authorization data field of service ticket. > https://bugs.openjdk.java.net/browse/JDK-8044085 The JDK service ticket only refers to SASL. If I'm just using GSS on the service side, is it already supported? If so, how can I extract it? Colm. > > > So in summary, if you want to try this, I would suggest please go > ahead since it's doable now. Please let me know if you have other questions. > > Regards, > Kai > > -----Original Message----- > From: Colm O hEigeartaigh [mailto:[email protected]] > Sent: Thursday, June 16, 2016 5:54 PM > To: [email protected] > Subject: JWT pre-authentication - get JWT token on service side > > Hi all, > > For the JWT pre-authentication use-case, how can I get access to the > token information on the service side? > > From the documentation: "The service authenticates the ticket, > extracts the token derivation, then enforce any advanced authorization > by employing the token derivation and token attributes" > > Is there an example in the code to look at? > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
