Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Minor
Fix Version/s: None
Affects Version/s: None
Component/s: Gateway
Labels:
None

Story Points:
3
Epic Link:
Financial-grade API (FAPI) compliance
Blocked:
False
Blocked Reason:
None
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Doc Version/s:

2.16.0 GA
Target Release:

2.16.0 GA
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

fapi-1-baseline client policy enable secure-client-authenticator executor which only allow the following client authentication mode:

Signed JWT
Signed JWT with client secret
Client x509 certificate

Where as Token Introspection Policy only support `Client ID and secret` mode. The workaround is configure RH-SSO to only apply fapi-1-baseline profile to certain client type.

However, it is worth investigating whether we need to support an authentication mode other than the "Client ID and secret" for Token Introspection Policy

Update 23/05/2024

After some investigation, the following auth mode should be added:

private_key_jwt
client_secret_jwt
~~tls_client_auth~~

mentioned on

Merge request - Updated US source to: bbc60a8 Merge pull request #1464 from tkan145/token_introspection_auth

Assignee:: Unassigned

Reporter:: An Tran

Documenter:: Darren Fennessy

Developer:: An Tran

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/05/02 6:17 AM

Updated:: 2024/07/22 10:02 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates