Red Hat 3scale API Management / THREESCALE-7660

JWT Claim Check policy excludes allowed methods


Details

    • Bug
    • Resolution: Obsolete
    • Minor
    • None
    • SaaS
    • Gateway
    • Workaround Exists
      Add methods you wish to exclude to the allowed list - treat the "allowed" list as a black list instead of a whitelist.
      • Add JWT Claim Check policy
      • Configure with no allowed methods (policy defaults to allow_any) and promote config
      • Make a call and confirm it goes through
      • Configure with one or more methods and promote config
      • Make a call using a method you configured to allow and confirm it's rejected
      • Make a call using a method not on the allowed list and confirm it goes through

    Description

      JWT_Claim_Check policy blocks methods on allow list and allows all other methods.

       

      Example policy config displaying this behaviour:

      {
          "combine_op": "or",
          "methods": [
              "POST",
              "GET"
          ],
          "resource_type": "liquid",
          "operations": [
              {
                  "op": "==",
                  "jwt_claim_type": "liquid",
                  "jwt_claim": "{% if  jwt.realm_access.roles contains \"test1\" %}true{% else %}false{% endif %} ",
                  "value_type": "plain",
                  "value": "true"
              }
          ],
          "resource": "/"
      }

       

          People

            Unassigned
            rhn-support-ahobson Aimi Hobson