This is now committed, see https://issues.apache.org/jira/browse/OFBIZ-10814
Thanks,
Michael
On 23.01.19 at 15:12, Michael Brohl wrote:
[1] https://issues.apache.org/jira/browse/OFBIZ-10814
Hi Jacopo,
thanks for your response!
I think it would be better to divide the concerns of the different
concerns here and have a separate configuration to turn internal SSO
on/off and to provide a secret for the JWT handling.
For example, if you want to use the JWT handling for another
+1 to disabling it by default.
We could consider, rather than adding a new configuration flag, to disable
the feature if no secret is set in the configuration files (and do not
provide a secret out of the box).
Jacopo
On Sat, Jan 19, 2019 at 12:57 PM Michael Brohl
wrote:
> Hi all,
>
> during
On 22/01/2019 at 10:11, Michael Brohl wrote:
3. if it is not used, it will still try to read the authorization
header, key etc. *on every request*
Yes, that's not a problem, it's only a few ms (if even) as long as there is no JWT
passed. Else all the other pre-processors would also be
Hi Jacques,
inline...
On 22.01.19 at 09:51, Jacques Le Roux wrote:
Hi Michael,
It seems there is a consensus for disabling the JWT feature OOTB and
it makes sense after testing with Postman.
Thanks, Jacques.
Rest inline:
On 22/01/2019 at 07:43, Michael Brohl wrote:
2. the
Hi Michael,
It seems there is a consensus for disabling the JWT feature OOTB and it makes
sense after testing with Postman.
Rest inline:
On 22/01/2019 at 07:43, Michael Brohl wrote:
2. the functionality to have a single sign on between two OFBiz
instances will only be used in rare cases (I
@ofbiz.apache.org
Subject: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality
Hi all,
during my work in [1] I realized that the OOTB JWT authorization /
single sign on is switched on by default. The logic to retrieve the
secret key uses a default if there is no configuration in
SystemProperty
...@ecomify.de]
Sent: January 19, 2019 19:58
To: dev@ofbiz.apache.org
Subject: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality
Hi all,
during my work in [1] I realized that the OOTB JWT authorization /
single sign on is switched on by default. The logic to retrieve the
secret key uses a default
hl [mailto:michael.br...@ecomify.de]
> > Sent: January 19, 2019 19:58
> > To: dev@ofbiz.apache.org
> > Subject: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality
> >
> > Hi all,
> >
> > during my work in [1] I realized that the OOTB JWT authorizatio
Thanks Michael,
Looks good to me..!!
Thanks & Regards
--
Deepak Dixit
On Sat, Jan 19, 2019 at 5:27 PM Michael Brohl
wrote:
> Hi all,
>
> during my work in [1] I realized that the OOTB JWT authorization /
> single sign on is switched on by default. The logic to retrieve the
> secret key uses
English, I'm a
bit lost, are we discussing which one is more secure, the tomcat session or JWT?
-Original Message-
From: Michael Brohl [mailto:michael.br...@ecomify.de]
Sent: January 19, 2019 19:58
To: dev@ofbiz.apache.org
Subject: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality
Hi all,
during my
] turn off OOTB JWT authorization/SSO functionality
Hi all,
during my work in [1] I realized that the OOTB JWT authorization /
single sign on is switched on by default. The logic to retrieve the
secret key uses a default if there is no configuration in SystemProperty
or security.properties
Hi all,
during my work in [1] I realized that the OOTB JWT authorization /
single sign on is switched on by default. The logic to retrieve the
secret key uses a default if there is no configuration in SystemProperty
or security.properties.
This makes it easy to prepare a JWT (e.g. by using