On 06/08/19 11:28, Pascal Langenstein wrote:
Dear Syncope Users
* Is there a specific reason why a JWT is created for the username
(sub=username)?
* If not, would it a benefit to add such a function (sub=key OR
sub=username) to the official syncope project?
Hi,
the reason of username being set as JWT subject is because, for the
JWT-based authentication [1], the default JWT SSO Provider expects such
information [2].
In your project, you are naturally free to provide an alternative JWT
SSO Provider, where you can code a different usage of JWT claims.
Regards.
[1]
https://github.com/apache/syncope/blob/master/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java#L371
[2]
https://github.com/apache/syncope/blob/master/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java#L86
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/