Details

    Description

      Access the protected application and authenticate to AM. See the protected application, take the am-auth-jwt cookie, modify it (using jwt.io) and try to access the protected application again.

      A

      1. empty aud name will deny access
      2. wrong aud name will deny access
      3. right aud name with wrong nonce will deny access

      B

      setting com.forgerock.agents.jwt.aud.disable=1

      1. empty aud name will allow access
      2. wrong aud name will allow access
      3. right aud name will allow access
      4. right aud name with wrong nonce will allow access

      C

      setting com.forgerock.agents.jwt.aud.disable=0
      com.forgerock.agents.jwt.aud.whitelist=agent1,agent2,agent3

      1. empty aud name will deny access
      2. aud=agent4 will deny access
      3. aud=agent1,agent2 will deny access
      4. aud=, will deny access
      5. aud=agent1 will allow access
      6. right aud name with wrong nonce will allow access
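
The expected outcomes in A, B and C can be written as one decision function and checked against the whole matrix. This is an added example, not code from the issue or from the agent. It assumes `aud` is a single string as typed into jwt.io; `make_cookie`, `read_claims`, `expected_decision` and the `agent` and `nonce` parameters are hypothetical names, and the sample tokens are constructed.

```python
import base64
import json

DISABLE = "com.forgerock.agents.jwt.aud.disable"      # property names from the issue
WHITELIST = "com.forgerock.agents.jwt.aud.whitelist"

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_cookie(aud: str, nonce: str) -> str:
    """Constructed sample token; the third segment is a placeholder, not a signature."""
    return ".".join([_b64url({"alg": "HS256", "typ": "JWT"}),
                     _b64url({"aud": aud, "nonce": nonce}), "placeholder"])

def read_claims(cookie: str) -> dict:
    """Decode only the payload segment, as jwt.io displays it."""
    payload = cookie.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def expected_decision(cookie: str, cfg: dict, agent: str, nonce: str) -> str:
    """Expected outcome per the issue's lists A, B and C (a model, not agent code)."""
    claims = read_claims(cookie)
    if cfg.get(DISABLE, "0") == "1":           # B: audience check switched off
        return "allow"
    aud = claims.get("aud")
    if not isinstance(aud, str) or not aud:    # empty or missing aud
        return "deny"
    allowed = {n for n in cfg.get(WHITELIST, "").split(",") if n}
    if allowed:                                # C: exact match against one entry
        # Set membership, not substring search: "agent1,agent2" and "," must fail.
        return "allow" if aud in allowed else "deny"
    if aud != agent:                           # A: aud must be this agent's name
        return "deny"
    return "allow" if claims.get("nonce") == nonce else "deny"
```

Comparing `aud` against the raw comma-separated property value with a substring test would wrongly accept cases C.3 and C.4, which is why the whitelist is split into a set first.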

            People

              lubomir.mlich Ľubomír Mlích