Posted to dev@syncope.apache.org by ilgrosso <gi...@git.apache.org> on 2018/06/27 07:37:49 UTC

[GitHub] syncope issue #79: Exposed JWT signature algorithm in security.properties. T...

Github user ilgrosso commented on the issue:

    https://github.com/apache/syncope/pull/79
  
    Hi @noorulrazvi-saal, thanks for this PR!
    
    Before merging, could you please:
    1. sign and send an [ICLA](http://syncope.apache.org/contributing#How_do_I_become_a_contributor_or_a_committer)
    1. open an issue on [JIRA](https://issues.apache.org/jira/projects/SYNCOPE?) for such an improvement
    1. fix the failing tests (maybe the reason is only the default value for algorithm, as pointed out in my previous comment):
    ```
    [INFO] Running org.apache.syncope.fit.core.JWTITCase
    [ERROR] Tests run: 12, Failures: 1, Errors: 2, Skipped: 0, Time elapsed: 2.75 s <<< FAILURE! - in org.apache.syncope.fit.core.JWTITCase
    [ERROR] queryUsingToken  Time elapsed: 0.26 s  <<< ERROR!
    java.security.AccessControlException: Invalid signature found in JWT
    	at org.apache.syncope.fit.core.JWTITCase.queryUsingToken(JWTITCase.java:129)
    [ERROR] tokenValidation  Time elapsed: 0.14 s  <<< ERROR!
    java.security.AccessControlException: Invalid signature found in JWT
    	at org.apache.syncope.fit.core.JWTITCase.tokenValidation(JWTITCase.java:174)
    [ERROR] getJWTToken  Time elapsed: 0.246 s  <<< FAILURE!
    org.opentest4j.AssertionFailedError: expected: <true> but was: <false>
    	at org.apache.syncope.fit.core.JWTITCase.getJWTToken(JWTITCase.java:80)
    ```
    
    Thanks!


---