JWT access token inbound propagation fails when a JWT sent as segments starts with "Bearer" #19673
Labels
release bug
This bug is present in a released version of Open Liberty
release:22003
team:Security SSO
Describe the bug
JWT access token inbound propagation fails when a JWT sent as segments starts with "Bearer".
Liberty has support to accept multiple headers from WebSeal that include portions of a JWT access token. The first header, "Authorization-segments", for example, indicates how many "n" segments follow. The rest of the headers "Authorization-1" through "Authorization-n" contain the JWT access token. When "Authorization-1" starts with "Bearer", the access token cannot be parsed correctly for inbound propagation.
If there is a stack trace, please include the FULL stack trace (without any [internal classes] lines in it). To find the full stack trace, you may need to check in $WLP_OUTPUT_DIR/messages.log
The stack trace is similar to,
Steps to Reproduce
Steps to reproduce the bug
Expected behavior
A clear and concise description of what you expected to happen.
If JWT segments are sent and the first header, "Authorization-segments-1", starts with "Bearer", it should be processed correctly as when a JWT is sent using the "Authorization: Bearer "
Diagnostic information:
java -version
$WLP_OUTPUT_DIR/messages.log
Additional context
Add any other context about the problem here.
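
The segmented-header scheme described in this issue, as an added Python example (not Open Liberty's code and not part of the original report): it reassembles the token from "Authorization-segments" and "Authorization-1" through "Authorization-n" and drops a leading "Bearer" scheme from the first segment. Assumptions: segments are concatenated in numeric order, the scheme is matched case-insensitively, and `MAX_SEGMENTS`, the function name and the sample token are hypothetical.

```python
import re

MAX_SEGMENTS = 32  # assumed sanity bound, not a Liberty setting
_SCHEME = re.compile(r"bearer(\s+|$)", re.IGNORECASE)
_B64URL = re.compile(r"[A-Za-z0-9_-]+")


def reassemble_segmented_token(headers, name="Authorization"):
    """Rebuild a JWT split across <name>-1 .. <name>-n request headers.

    <name>-segments carries n. A "Bearer" scheme at the start of segment 1
    is dropped, so the result equals the token a single
    "Authorization: Bearer <token>" header would have carried.
    """
    # Header names are case-insensitive; values are trimmed.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    base = name.lower()

    count = h.get(base + "-segments")
    if count is None:
        return None  # not segmented; caller reads the ordinary header
    if not re.fullmatch(r"[0-9]{1,3}", count) or not 1 <= int(count) <= MAX_SEGMENTS:
        raise ValueError("invalid segment count")

    parts = []
    for i in range(1, int(count) + 1):
        value = h.get(f"{base}-{i}")
        if not value:
            raise ValueError(f"segment {i} of {count} is missing or empty")
        parts.append(value)

    # The case from this issue: the auth scheme travels inside segment 1.
    m = _SCHEME.match(parts[0])
    if m:
        parts[0] = parts[0][m.end():]
    token = "".join(parts)

    # Structural check only (three base64url parts of a compact JWS);
    # signature and claim validation must still run on the result.
    pieces = token.split(".")
    if len(pieces) != 3 or not all(_B64URL.fullmatch(p) for p in pieces):
        raise ValueError("reassembled value is not a compact JWS")
    return token


# Constructed sample token with made-up header, payload and signature parts.
SAMPLE = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl"
```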