directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <>
Subject [jira] [Commented] (DIRKRB-654) Add support to receive a JWT AccessToken via the GSS API
Date Wed, 06 Sep 2017 09:51:00 GMT


Kai Zheng commented on DIRKRB-654:

Hi Colm,

I suddenly thought of a question: if we can put the token in the authorization data entry
as a field in a service ticket, why would we need to change GSSAPI layer? Note, in service/server
side, it's supported to allow to query authz data from kerberos ticket, IIRC.

> Add support to receive a JWT AccessToken via the GSS API
> --------------------------------------------------------
>                 Key: DIRKRB-654
>                 URL:
>             Project: Directory Kerberos
>          Issue Type: Task
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.1.0
>         Attachments: DIRKRB-654.patch
> added support to send a JWT Access Token
via the GSS API. This task is to add support to receive it. The AuthorizationDataEntry values
are converted to KrbTokens, which are in turn set as a public credential on the JAAS Subject.
> Question: Is this the correct place to store the received AuthorizationData entries?
I don't think it's right to store the JWT Tokens on the JAAS Subject of the receiver....

This message was sent by Atlassian JIRA

View raw message