From dev-return-15816-archive-asf-public=cust-asf.ponee.io@syncope.apache.org  Wed Jun 27 09:37:51 2018
Return-Path: <dev-return-15816-archive-asf-public=cust-asf.ponee.io@syncope.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id 44679180625
	for <archive-asf-public@cust-asf.ponee.io>; Wed, 27 Jun 2018 09:37:51 +0200 (CEST)
Received: (qmail 85127 invoked by uid 500); 27 Jun 2018 07:37:50 -0000
Mailing-List: contact dev-help@syncope.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@syncope.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@syncope.apache.org>
List-Post: <mailto:dev@syncope.apache.org>
List-Id: <dev.syncope.apache.org>
Reply-To: dev@syncope.apache.org
Delivered-To: mailing list dev@syncope.apache.org
Received: (qmail 85116 invoked by uid 99); 27 Jun 2018 07:37:49 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Jun 2018 07:37:49 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id 4EBDEDFB1A; Wed, 27 Jun 2018 07:37:49 +0000 (UTC)
From: ilgrosso <git@git.apache.org>
To: dev@syncope.apache.org
Reply-To: dev@syncope.apache.org
References: <git-pr-79-syncope@git.apache.org>
In-Reply-To: <git-pr-79-syncope@git.apache.org>
Subject: [GitHub] syncope issue #79: Exposed JWT signature algorithm in security.properties. T...
Content-Type: text/plain
Message-Id: <20180627073749.4EBDEDFB1A@git1-us-west.apache.org>
Date: Wed, 27 Jun 2018 07:37:49 +0000 (UTC)

Github user ilgrosso commented on the issue:

    https://github.com/apache/syncope/pull/79
  
    Hi @noorulrazvi-saal, thanks for this PR!
    
    Before merging, could you please:
    1. sign and send an [ICLA](http://syncope.apache.org/contributing#How_do_I_become_a_contributor_or_a_committer)
    1. open an issue on [JIRA](https://issues.apache.org/jira/projects/SYNCOPE?) for such an improvement
    1. fix the failing tests (maybe the reason is only the default value for algorithm, as pointed in my previous comemnt):
    ```
    [INFO] Running org.apache.syncope.fit.core.JWTITCase
    [ERROR] Tests run: 12, Failures: 1, Errors: 2, Skipped: 0, Time elapsed: 2.75 s <<< FAILURE! - in org.apache.syncope.fit.core.JWTITCase
    [ERROR] queryUsingToken  Time elapsed: 0.26 s  <<< ERROR!
    java.security.AccessControlException: Invalid signature found in JWT
    	at org.apache.syncope.fit.core.JWTITCase.queryUsingToken(JWTITCase.java:129)
    [ERROR] tokenValidation  Time elapsed: 0.14 s  <<< ERROR!
    java.security.AccessControlException: Invalid signature found in JWT
    	at org.apache.syncope.fit.core.JWTITCase.tokenValidation(JWTITCase.java:174)
    [ERROR] getJWTToken  Time elapsed: 0.246 s  <<< FAILURE!
    org.opentest4j.AssertionFailedError: expected: <true> but was: <false>
    	at org.apache.syncope.fit.core.JWTITCase.getJWTToken(JWTITCase.java:80)
    ```
    
    Thanks!


---