Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/09/04 04:55:00 UTC
[jira] [Commented] (JAMES-3455) Configurable login field in jwt token authentication.
[ https://issues.apache.org/jira/browse/JAMES-3455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17409806#comment-17409806 ]
Benoit Tellier commented on JAMES-3455:
---------------------------------------
Hello [~andreasvaldma]
How did you succeed in customising the field in the JWT token?
Do you have a code change to share regarding this?
This could be useful to others too - I think being able to do so could enable quick support of SSO solutions like Keycloak (also configuring challenges might be required) though SLO might need more work (to maintain a session invalidated via for instance an endpoint called by Keycloak upon logout).
I'm thus curious about your setup regarding this and happy if some of it can land in the Apache project.
Regards,
Benoit
> Configurable login field in jwt token authentication.
> -----------------------------------------------------
>
> Key: JAMES-3455
> URL: https://issues.apache.org/jira/browse/JAMES-3455
> Project: James Server
> Issue Type: Wish
> Reporter: Andreas Valdma
> Priority: Minor
>
> We have a production system that uses jwt tokens. Unfortunately the subject field in our JWT token has a different value than we want for our emails. We are thinking of adding an additional field like "email" to the JWT token and making a new configuration key for james, that shows from which field to load the user's name. Currently the username is read from the "sub" field.
> We propose making it configurable, from which field the JwtTokenVerifier extracts the login from the JWT token.
> For example, in case of a JWT token content:
> {code:java}
> {
> "sub": "1234567890",
> "name": "John Doe",
> "iat": 1516239022,
> "email": "abcdefghij@example.com"
> }{code}
> I'd configure the login field as "email", then "abcdefghij@example.com" will be extracted as the login for the user.