[Apiman-user] Generic JWT plugin policy

Marc Savy marc.savy at redhat.com
Tue Jan 10 08:09:18 EST 2017


This is now released as:

G: io.apiman.plugins
A: apiman-plugins-jwt-policy
V: 1.2.9.Final

Feedback welcome!

On 1 December 2016 at 16:33, Marc Savy <marc.savy at redhat.com> wrote:

> I should clarify that the purpose of this plugin is to work with any JWT
> provider (rather than being Keycloak-focussed).
>
> Let me know how it works for you!
>
> On 1 December 2016 at 16:06, Marc Savy <marc.savy at redhat.com> wrote:
>
>> Hi,
>>
>> I just pushed a (very simple) generic JWT plugin policy to master.
>>
>> To try it out right now you will need to build it. Just check out the
>> apiman/apiman-plugins repo and execute `mvn clean install`. The plugin
>> coordinates will be G: io.apiman.plugins A: apiman-plugins-jwt-policy V:
>> 1.2.9-SNAPSHOT.
>>
>> It isn't yet as feature-rich as the Keycloak plugin, but you can:
>>
>> - Require JWT.
>> - Require claims (e.g. sub = foo).
>> - Require transport security (TLS, SSL).
>> - Require JWT be cryptographically signed (aka. JWS).
>> - Validate JWT against a provided public key.
>> - Remove auth tokens (prevent them reaching the backend).
>> - Set maximum clock skew.
>>
>> I'll expand on this shortly to add something that will hopefully add some
>> commonly-used features from the Keycloak plugin:
>>
>> - Allow extraction of roles for authorization
>> - Forward token fields as headers (e.g. X-Sub = sub)
>>
>> Regards,
>> Marc
>>
>
>