You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Larry McCay (Jira)" <ji...@apache.org> on 2021/03/19 13:37:00 UTC

[jira] [Created] (KNOX-2556) Enhance JWTProvider to accept knox.id as Passcode Token

Larry McCay created KNOX-2556:
---------------------------------

             Summary: Enhance JWTProvider to accept knox.id as Passcode Token
                 Key: KNOX-2556
                 URL: https://issues.apache.org/jira/browse/KNOX-2556
             Project: Apache Knox
          Issue Type: Improvement
          Components: Server
            Reporter: Larry McCay


This enhancement enables the use of the previously internal knox.id as a Passcode Token for accessing proxied resources as an Authorization Bearer token or HTTP Basic password. This id has been used to bind incoming KnoxTokens (JWT) that embed such an id to the metadata in the Token State Server in order to provide server side state management.

The motivation for this is the fact that certain 3rd party BI tooling such as tableau not only have the inability to set a bearer token but also have size limitations on the password field used to collect the username and password credentials.

We will need to enhance the current JWTProvider to not require an actual JWT but the Passcode Token will represent the same backend metadata.

This does mean that Passcode Tokens can only be used with the Token State Server functionality enabled for both the KnoxToken service and the JWTProvider federation provider.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)