Enforcing proof-of-possession - 8.0

Talend ESB STS User Guide

Version
8.0
Language
English
Product
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Module
Talend ESB
Talend Runtime
Content
Design and Development
Installation and Upgrade
Last publication date
2023-09-14

Recall that the TokenCanceller interface has a setVerifyProofOfPossession method which defines whether proof-of-possession is required or not to cancel a security token. The default value for the SCTCanceller is true.

This means that for the client to successfully cancel a SecurityContextToken it must prove to the STS that it knows the secret key associated with that SecurityContextToken. The client must do this by signing some portion of the request with the same secret key that the SCTCanceller retrieves from the security token stored in the cache.