Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/09/04 04:55:00 UTC

[jira] [Commented] (JAMES-3455) Configurable login field in jwt token authentication.

    [ https://issues.apache.org/jira/browse/JAMES-3455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17409806#comment-17409806 ] 

Benoit Tellier commented on JAMES-3455:
---------------------------------------

Hello [~andreasvaldma]

How did you succeed in customising the field in the JWT token?

Do you have a code change to share regarding this?

This could be useful to others too - I think being able to do so could enable quick support of SSO solutions like Keycloak (also configuring challenges might be required) though SLO might need more work (to maintain a session invalidated via for instance an endpoint called by Keycloak upon logout).

I'm thus curious about your setup regarding this and happy if some of it can land in the Apache project.

Regards,

Benoit

> Configurable login field in jwt token authentication.
> -----------------------------------------------------
>
>                 Key: JAMES-3455
>                 URL: https://issues.apache.org/jira/browse/JAMES-3455
>             Project: James Server
>          Issue Type: Wish
>            Reporter: Andreas Valdma
>            Priority: Minor
>
> We have a production system that uses JWT tokens. Unfortunately the subject field in our JWT token has a different value than we want for our emails. We are thinking of adding an additional field like "email" to the JWT token and making a new configuration key for James that shows from which field to load the user's name. Currently the username is read from the "sub" field.
> We propose making it configurable, from which field the JwtTokenVerifier extracts the login from the JWT token.
> For example, in case of a JWT token content:
> {code:java}
> {
>  "sub": "1234567890",
>  "name": "John Doe",
>  "iat": 1516239022,
>  "email": "abcdefghij@example.com"
> }{code}
> I'd configure the login field as "email", then "abcdefghij@example.com" will be extracted as the login for the user.


