[Progress Communities] [Progress OpenEdge ABL] Forum Post: RE: PASOE: access to the HTTP Authorization header from web handler

Status
Not open for further replies.
Michael Jacobs

Guest
For OAuth2/JWT SSO support, the Spring Security layer will populate the Client-Principal (delivered to the ABL application) with a validated JWT's payload claims. In your application you can access the JWT claims without parsing the JWT yourself, which ensures that the claims used by the Spring Security layer are also those used by your application. You also have the option of passing the full HTTP request Authorization header's JWT as a Client-Principal property "token_value" when you configure 'OEClientPrincipalFilter.forwardToken=true'. If present, the Client-Principal property 'token_value' can be used to build the Authorization header's 'bearer' scheme and downstream SSO to another OAuth2 resource.
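
The flow described in the post above, as an added ABL example that is not part of the original post or Progress's own code: it reads 'token_value' from the request's Client-Principal and forwards it as a bearer token to a downstream resource. The downstream URL is a placeholder, and the example assumes 'token_value' holds the raw JWT, tolerating a value that already carries the scheme prefix.

```abl
/* Added example: forward the caller's validated JWT to a downstream OAuth2 resource.
   Requires OEClientPrincipalFilter.forwardToken=true, as described in the post. */
block-level on error undo, throw.

using OpenEdge.Net.HTTP.ClientBuilder.
using OpenEdge.Net.HTTP.IHttpRequest.
using OpenEdge.Net.HTTP.IHttpResponse.
using OpenEdge.Net.HTTP.RequestBuilder.

define variable hCP       as handle        no-undo.
define variable cToken    as character     no-undo.
define variable cAuth     as character     no-undo.
define variable cUrl      as character     no-undo.
define variable oRequest  as IHttpRequest  no-undo.
define variable oResponse as IHttpResponse no-undo.

/* Placeholder downstream resource (assumption, not from the post). */
cUrl = "https://downstream.example.com/api/orders".

/* Never send a bearer token over a cleartext channel. */
if not cUrl begins "https://" then
    undo, throw new Progress.Lang.AppError("Refusing to forward a token over non-TLS URL", 0).

/* Client-Principal that the Spring Security layer sealed for this request. */
hCP = session:current-request-info:GetClientPrincipal().
if not valid-handle(hCP) then
    undo, throw new Progress.Lang.AppError("No Client-Principal on this request", 0).

/* Only present when forwardToken is enabled; fail closed when it is missing. */
cToken = hCP:get-property("token_value").
if cToken = ? or trim(cToken) = "" then
    undo, throw new Progress.Lang.AppError("token_value not set; check forwardToken", 0).

/* Assumption: the property is the raw JWT; accept an existing scheme prefix too. */
cAuth = if cToken begins "Bearer " then cToken else "Bearer " + trim(cToken).

oRequest = RequestBuilder:Get(cUrl)
               :AddHeader("Authorization", cAuth)
               :Request.
oResponse = ClientBuilder:Build():Client:Execute(oRequest).

/* Log the outcome only; do not write the token itself to the agent log. */
message "Downstream status:" oResponse:StatusCode
        "for user" hCP:qualified-user-id.
```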
