Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KNOX-3040 - Support multiple ways to verify JWT tokens #915

Merged
merged 2 commits into from
Jun 7, 2024
Merged

KNOX-3040 - Support multiple ways to verify JWT tokens #915

merged 2 commits into from
Jun 7, 2024

Conversation

moresandeep
Copy link
Contributor

@moresandeep moresandeep commented Jun 6, 2024
edited
Loading

What changes were proposed in this pull request?

This PR adds the ability to validate a JWT token using multiple ways at the same time. Previously, we could only authenticate JWT token using either

  1. PEM cert
  2. JWKS url
  3. Knox signing key
    With this PR, knox will validate the incoming JWT token using all the above mechanisms if they are configured.

example provider config

<provider>
            <role>federation</role>
            <name>JWTProvider</name>
            <enabled>true</enabled>
            <param>
                <name>knox.token.use.cookie</name>
                <value>true</value>
            </param>
			
            <param>
                <name>knox.token.jwks.url</name>
                <value>https://my.idp.com/oauth/.wellknown</value>
            </param>


            <param>
                <name>knox.token.verification.pem</name>
                <value>MIIDaDCCAlCgAwIBAgIJAKFjn6W+gdAXMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMQ0wC...</value>
            </param>

            <param>
                <name>jwt.expected.issuer</name>
                <value>https://my.idp.com/</value>
            </param>

            <param>
                <name>knox.token.use.cookie</name>
                <value>true</value>
            </param>
        </provider>

How was this patch tested?

This patch was tested locally.

@moresandeep moresandeep merged commit 7980cda into apache:master Jun 7, 2024
2 checks passed
@moresandeep moresandeep added the JWT label Jun 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lmccay lmccay Awaiting requested review from lmccay

@pzampino pzampino Awaiting requested review from pzampino

Assignees
No one assigned
Labels
JWT
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@moresandeep