[OPENIDM-11422] Session JWT key usage is not clear

Created: 31/Jul/18
Updated: 14/Aug/18
Resolved: 09/Aug/18

Status: Closed
Project: OpenIDM
Component/s: documentation
Affects Version/s: OpenIDM 6.0.0
Fix Version/s: 6.0.0.1

Type: Bug
Priority: Major
Reporter: Andrew Potter
Assignee: Mike Jang [X] (Inactive)
Resolution: Fixed
Votes: 0
Labels: Sustaining
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on COMMONS-340 Use secrets API in Jwt Session Module Resolved
Relates
relates to OPENIDM-11396 Create documentation for secrets.json... Closed
Target Version/s:
Verified Version/s:
Story Points: 1
Sprint: OpenIDM Sprint 6.5-6

 Description   

IDM docs...

This section of the doc:

https://backstage.forgerock.com/docs/idm/6/integrators-guide/#supported-session-modules

highlights the keyAlias for the JWT_SESSION module, but doesn't really explain what that keyAlias is for.  The keyAlias refers to a boot.properties item &{openidm.https.keystore.cert.alias} which translates to the openidm-localhost alias in a default config.

Then, this section:

https://backstage.forgerock.com/docs/idm/6/integrators-guide/#display-keystore-over-rest

says that openidm-jwtsessionhmac-key is used by the session JWT module to encrypt session cookies.

It's not clear what the relationship is between these things, or how/why/if the session module uses these different aliases.



 Comments   
Comment by Mike Jang [X] (Inactive) [ 31/Jul/18 ]

Linked and made dependent on commons-340, as the use of JWT may be evolving.

Comment by Brendan Miller [ 02/Aug/18 ]

Due to the secrets implementation, these concerns will not exist in 6.5, or will be configured/defined anew. We expect better docs of the new functionality.

Mike Jang [X] Check with Jason Lemay on how to improve 6.0 documentation.

Comment by Mike Jang [X] (Inactive) [ 02/Aug/18 ]

Change for 6.5 being made in OPENIDM-11295 and this PR

Comment by Mike Jang [X] (Inactive) [ 02/Aug/18 ]

As Brendan Miller noted, I need to make sure – for 6.5 – that the new version of this, in secrets.json (probably) mainKeyAlias, keyName should explain how this works.

Comment by Jakub Janoska [X] (Inactive) [ 08/Aug/18 ]

Is it related to OpenIDM 6.0.0.1? And is there any plan to add anything about this for the 6.0.0.1 docs? We have a release planned for 13/Aug/2018.

Comment by Mike Jang [X] (Inactive) [ 08/Aug/18 ]

Hi Jakub Janoska [X] – I forgot about this (it had the label in the wrong place, so we weren't tracking it.) I may be able to work on this today.

Comment by Mike Jang [X] (Inactive) [ 09/Aug/18 ]

PR: https://stash.forgerock.org/projects/OPENIDM/repos/openidm-docs/pull-requests/1966/overview

Will be merged in the next available release of 6.0.x (6.0.0.1, I think, but that's up to Gene Hirayama)

Andrew Potter for 6.5 and on, I'll incorporate the intent of this in OPENIDM-11396 (since we're moving to secrets.json, I'm rewriting the section somewhat)

Comment by Jakub Janoska [X] (Inactive) [ 14/Aug/18 ]

 Verified on https://backstage.forgerock.com/docs/idm/6/integrators-guide/.

Generated at Sun Sep 27 21:58:50 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.