Closed patrickmhaller closed 4 years ago
Hi @patrickmhaller,
have you followed this guide: https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/spring-xsuaa/Migration_JavaContainerSecurityProjects.md#multiple-xsuaa-bindings
Then i'm not sure, whether there is an easy fix, because you have always two set of validators.
Can you please share with us, which xsuaa plans you make use of, and whether you are already productive or not.
Thanks!
Question whether this is related to this cloud sdk issue: https://github.wdf.sap.corp/MA/sdk/issues/3706
Hi Nena,
We (cloud SDK team) would like to get some insights related to the issue. Following are the questions:
Regards, Tanvi
Hi @TanviiG
remove the "bug" flag. as multiple XsuaaAudienceValidators should never exist. We had a similar issue, when one application was bound to two xsuaa instances of the same type (e.g. application). This is not supported.
The ticket is in status "Author Action" without any activity for 14 days or longer. Thus, closing the ticket. Please reopen if the issue is still relevant.
Hi Team,
we do have multiple (two) XSUAA instances to verify inbound JWTs with, hence two XsuaaAudienceValidators with different configuration:
Hence, we get
The mechanism via
AuthTokenDecoder.decodeAndValidate()
→CombiningValidator
→JwtAudienceValidator
looks functionally correct, but if the wrong validator is hit first, it always records a warning to ELK viaValidationResults.createInvalid()
in any case.In the context of multiple UAAs, could the either this particular logging case be relaxed or the algorithm changed to avoid the log flood?
Thanks, Patrick