You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Alexander Rettner (JIRA)" <ji...@apache.org> on 2019/05/28 20:07:00 UTC
[jira] [Created] (TOMEE-2533) Compliance with MicroProfile JWT Auth
Alexander Rettner created TOMEE-2533:
----------------------------------------
Summary: Compliance with MicroProfile JWT Auth
Key: TOMEE-2533
URL: https://issues.apache.org/jira/browse/TOMEE-2533
Project: TomEE
Issue Type: Bug
Components: TomEE Core Server
Affects Versions: 8.0.0-M2
Reporter: Alexander Rettner
The Specification of MicroProfile JWT RBAC requests that an issuer claim must be present in the token and valid. But TomEE is in the tested version 8.0.0-M2 not compliant with respect to MP.
The specification says exactly:"The {{mp.jwt.verify.issuer}} config property allows for the expected value of the {{iss}} claim to be specified. A MicroProfile JWT implementation must verify the {{iss}} claim of incoming JWTs is present and matches the configured value of {{mp.jwt.verify.issuer}}."
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)