  1. OpenAM Agents
  2. AMAGENTS-4007

JASPA: Update the agent for the AM changes to the "subject" claim in the OIDC JWT


    Details

    • Sprint:
      2021.01 - Agents

      Description

      A recent security fix in AM changes the value in the "subject" claim of the OIDC JWT from the user name, e.g. "fred", to the unique value "(usr!fred)". This allows AM to distinguish between users called "fred" and Agents called "fred" and presumably also several other kinds of entity called "fred".

      Whereas the use of "(usr!fred)" is completely transparent as far as AM is concerned (i.e. "fred" + context or "(usr!fred)" with presumably less context are completely equivalent), it does create some interesting entries in the log files which readers may consider to be errors.

      For this reason the Agent should use the new "subname" claim, which is set to the "old" username.
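
      The claim selection described above, sketched as an added example (not the agent's own code): it takes the name written to logs from "subname" and leaves "sub" untouched. The function names, the fallback to "sub" for tokens that carry no "subname", and the sample tokens are assumptions constructed here; the token is assumed to have passed signature validation already.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_sample_token(claims: dict) -> str:
    """Build a constructed compact JWT with a placeholder signature (demo input only)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def decode_claims(token: str) -> dict:
    """Decode the payload of a compact JWT that has ALREADY been validated."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def log_username(claims: dict) -> str:
    """Name for log entries: "subname" when present, otherwise "sub".

    The fallback is an assumption for tokens issued without "subname".
    """
    for claim in ("subname", "sub"):
        value = claims.get(claim)
        if isinstance(value, str) and value:
            return value
    raise ValueError("token carries neither 'subname' nor 'sub'")


# Constructed samples: one token after the AM change, one before it.
NEW_STYLE = make_sample_token({"sub": "(usr!fred)", "subname": "fred"})
OLD_STYLE = make_sample_token({"sub": "fred"})

if __name__ == "__main__":
    for tok in (NEW_STYLE, OLD_STYLE):
        c = decode_claims(tok)
        print(f'sub={c["sub"]!r} -> log name {log_username(c)!r}')
```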


            People

            Assignee:
            tony.bamford Tony Bamford
            Reporter:
            tony.bamford Tony Bamford
