COMMONS-340

Use secrets API in Jwt Session Module

    Details

    • Type: Story
    • Status: Resolved
    • Resolution: Fixed
    • Fix Version/s: 24.0.0
    • Component/s: Secrets

      Description

      The jwt session JASPI module currently uses a keystore file and alias for encryption, and a static byte array for signing of JWTs. This should be changed to use the Secrets API.

      The amount of impact on AM is: Low (AM has already overridden this class to integrate with the secrets API in 6.1)
      The amount of impact on IDM is: Medium (We will make use of the work AM has done. This will require config change and providing the secrets provider to the service. This will also have UI impact)
      The amount of impact on IG is: None - not used.

      Acceptance criteria

      • The DefaultJwtCryptographyHandler is changed to use the Secrets API
      • The Purpose.SIGN, Purpose.VERIFY, Purpose.KEY_ENCRYPTION and Purpose.KEY_DECRYPTION purposes are used by the module
      • A SecretsProvider is expected in the initialization map, and is used to obtain the necessary secret values.
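
The pattern in the acceptance criteria, as an added example that is not the Commons module's code. `Purpose`, `SecretsProvider`, `secretFor` and the `secretsProvider` map key are hypothetical stand-ins rather than the real Secrets API types; only the SIGN and VERIFY purposes are shown, and HMAC-SHA256 is assumed as the signing algorithm.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SecretsBackedJwtSigner {
    // Hypothetical stand-ins for illustration; not the Commons Secrets API types.
    enum Purpose { SIGN, VERIFY, KEY_ENCRYPTION, KEY_DECRYPTION }
    interface SecretsProvider { byte[] secretFor(Purpose purpose); }
    static final String PROVIDER_KEY = "secretsProvider"; // assumed init-map key name
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final SecretsProvider secrets;

    SecretsBackedJwtSigner(Map<String, Object> initMap) {
        Object provider = initMap.get(PROVIDER_KEY);
        if (!(provider instanceof SecretsProvider)) { // fail closed: no built-in fallback key
            throw new IllegalStateException("No SecretsProvider in initialization map");
        }
        this.secrets = (SecretsProvider) provider;
    }

    private byte[] hmac(Purpose purpose, String signingInput) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secrets.secretFor(purpose), "HmacSHA256")); // resolved per call
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    String sign(String claimsJson) throws GeneralSecurityException {
        String input = B64.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8))
                + "." + B64.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + B64.encodeToString(hmac(Purpose.SIGN, input));
    }

    boolean verify(String jwt) throws GeneralSecurityException {
        int lastDot = jwt.lastIndexOf('.');
        if (lastDot < 0) return false;
        try {
            byte[] presented = Base64.getUrlDecoder().decode(jwt.substring(lastDot + 1));
            return MessageDigest.isEqual(hmac(Purpose.VERIFY, jwt.substring(0, lastDot)), presented);
        } catch (IllegalArgumentException e) { return false; } // malformed signature segment
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-32-bytes-xx".getBytes(StandardCharsets.US_ASCII); // constructed sample
        SecretsBackedJwtSigner signer = new SecretsBackedJwtSigner(Map.of(PROVIDER_KEY, (SecretsProvider) purpose -> key));
        String jwt = signer.sign("{\"sub\":\"demo\"}");
        System.out.println(signer.verify(jwt) + " " + signer.verify(jwt + "A"));
    }
}
```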

              People

              • Assignee: Jason Lemay (jason)
              • Reporter: James Phillpotts (jamesphillpotts)