[jboss-jira] [JBoss JIRA] (ELY-1507) JwtValidator issuer and audience check ignoring does not work
Martin Mazanek (JIRA)
issues at jboss.org
Fri Feb 9 10:49:00 EST 2018
[ https://issues.jboss.org/browse/ELY-1507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Mazanek updated ELY-1507:
--------------------------------
Description:
https://tools.ietf.org/html/rfc7519
JwtValidator implements iss clam as optional, samy way as stated in RFC7519. The validator is supposed to ignore iss check if its issuers set was empty, however even though it logs that issuer check is ignored it still checks it and rejects all tokens that do not contain iss claim.
> JwtValidator issuer and audience check ignoring does not work
> -------------------------------------------------------------
>
> Key: ELY-1507
> URL: https://issues.jboss.org/browse/ELY-1507
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms
> Reporter: Martin Mazanek
> Assignee: Martin Mazanek
>
> https://tools.ietf.org/html/rfc7519
> JwtValidator implements iss clam as optional, samy way as stated in RFC7519. The validator is supposed to ignore iss check if its issuers set was empty, however even though it logs that issuer check is ignored it still checks it and rejects all tokens that do not contain iss claim.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list