Posted to commits@tomee.apache.org by "Alexander Rettner (JIRA)" <ji...@apache.org> on 2019/05/28 20:07:00 UTC

[jira] [Created] (TOMEE-2533) Compliance with MicroProfile JWT Auth

Alexander Rettner created TOMEE-2533:
----------------------------------------

             Summary: Compliance with MicroProfile JWT Auth
                 Key: TOMEE-2533
                 URL: https://issues.apache.org/jira/browse/TOMEE-2533
             Project: TomEE
          Issue Type: Bug
          Components: TomEE Core Server
    Affects Versions: 8.0.0-M2
            Reporter: Alexander Rettner


The specification of MicroProfile JWT RBAC requests that an issuer claim must be present in the token and valid. But TomEE, in the tested version 8.0.0-M2, is not compliant with respect to MP.

The specification says exactly: "The {{mp.jwt.verify.issuer}} config property allows for the expected value of the {{iss}} claim to be specified. A MicroProfile JWT implementation must verify the {{iss}} claim of incoming JWTs is present and matches the configured value of {{mp.jwt.verify.issuer}}."

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
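
The check quoted from the specification, written out as an added Python example (not TomEE's code and not part of the original report): a token is rejected unless {{iss}} is present and exactly equals the configured {{mp.jwt.verify.issuer}}. Signature verification is assumed to have succeeded already; decode_claims, verify_issuer, make_token, IssuerError and the issuer URL used with them are names made up for this example, and failing closed on a missing setting is this example's own choice.

```python
import base64
import json

ISSUER_PROPERTY = "mp.jwt.verify.issuer"  # property name quoted in the report


class IssuerError(Exception):
    """Raised when the iss claim fails the check quoted from the spec."""


def decode_claims(token):
    """Decode the payload of a compact JWT whose signature was already verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise IssuerError("not a compact JWT")
    payload = parts[1]
    padded = payload + "=" * (-len(payload) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:
        raise IssuerError("payload is not valid JSON") from exc
    if not isinstance(claims, dict):
        raise IssuerError("payload is not a JSON object")
    return claims


def verify_issuer(claims, config):
    """Reject unless iss is present and equals the configured issuer."""
    expected = config.get(ISSUER_PROPERTY)
    if not expected:
        # Assumption of this example: a missing setting fails closed.
        raise IssuerError(ISSUER_PROPERTY + " is not configured")
    if "iss" not in claims:
        raise IssuerError("iss claim is missing")
    issuer = claims["iss"]
    if not isinstance(issuer, str) or issuer != expected:
        # Exact, case-sensitive comparison; no prefix or substring match.
        raise IssuerError("iss claim does not match " + ISSUER_PROPERTY)
    return issuer


def make_token(claims):
    """Build an unsigned sample token (constructed test input only)."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return seg({"alg": "RS256", "typ": "JWT"}) + "." + seg(claims) + ".sig"
```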