directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zheng, Kai" <kai.zh...@intel.com>
Subject RE: JWT pre-authentication - get JWT token on service side
Date Thu, 16 Jun 2016 10:33:30 GMT
Hi Colm,

This was said quite some ago for the long term effort. For that, we need to ensure two things:

1. For issuing service ticket, the token used to do the authentication or a token derivation
was put into the issued service ticket as authorization data. I'm not sure in current Kerby
impl, it has done this or not. If not, it should be not difficult to support it, considering
we have some Kerby authorization support now.

2. In application server side, it should be able to query and extract out the token encapsulated
in the authorization data field in the service ticket. This should be doable now, because
a proposal from me quite some ago had already been accepted by Oracle Java, as recorded in
the following ticket, though I hadn't got the chance to verify it using latest JDK update
like JDK8.

JDK-8044085, our extension proposal accepted and committed: allowing querying authorization
data field of service ticket.
https://bugs.openjdk.java.net/browse/JDK-8044085

So in summary, if you want to try this, I would suggest please go ahead since it's doable
now. Please let me know if you have other questions. 

Regards,
Kai

-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org] 
Sent: Thursday, June 16, 2016 5:54 PM
To: kerby@directory.apache.org
Subject: JWT pre-authentication - get JWT token on service side

Hi all,

For the JWT pre-authentication use-case, how can I get access to the token information on
the service side?

From the documentation: "The service authenticates the ticket, extracts the token derivation,
then enforce any advanced authorization by employing the token derivation and token attributes"

Is there an example in the code to look at?

Colm.


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Mime
View raw message