directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-654) Add support to receive a JWT AccessToken via the GSS API
Date Wed, 06 Sep 2017 09:51:00 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16155106#comment-16155106
] 

Kai Zheng commented on DIRKRB-654:
----------------------------------

Hi Colm,

I suddenly thought of a question: if we can put the token in the authorization data entry
as a field in a service ticket, why would we need to change GSSAPI layer? Note, in service/server
side, it's supported to allow to query authz data from kerberos ticket, IIRC.

> Add support to receive a JWT AccessToken via the GSS API
> --------------------------------------------------------
>
>                 Key: DIRKRB-654
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-654
>             Project: Directory Kerberos
>          Issue Type: Task
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.1.0
>
>         Attachments: DIRKRB-654.patch
>
>
> https://issues.apache.org/jira/browse/DIRKRB-651 added support to send a JWT Access Token
via the GSS API. This task is to add support to receive it. The AuthorizationDataEntry values
are converted to KrbTokens, which are in turn set as a public credential on the JAAS Subject.
> Question: Is this the correct place to store the received AuthorizationData entries?
I don't think it's right to store the JWT Tokens on the JAAS Subject of the receiver....



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message