View Issue Details

ID: 0010234
Project: 10000-005: Information Model
Category: Spec
View Status: public
Last Update: 2025-03-15 15:57
Reporter: Matthias Damm
Assigned To: Jeff Harding
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: assigned
Resolution: open
Product Version: 1.05.04
Target Version: 1.05.06 RC1
Summary: 0010234: ClientUserId creation rules for JWT tokens
Description

At the moment the ClientUserId is created from the "sub" claim in the JWT. But the sub is only unique inside one token provider identified by the "iss" claim. If more than one token provider is used in a system, the "sub" is not unique enough.

As discussed in the meeting this week, we need to combine the ClientUserId from "iss" and "sub".

Steps To Reproduce

JWT is missing in "3.2 Abbreviated terms"

Additional Information

6.4.3 AuditEventType

Propose to replace
If the UserIdentityToken is a JWT IssuedIdentityToken then the ClientUserId shall be the SUB field of the JWT IssuedIdentityToken.

With
If the UserIdentityToken is a JWT IssuedIdentityToken, then the ClientUserId shall depend on the existence of the 'iss' (issuer) field of the JWT IssuedIdentityToken. If the 'iss' field is present, the ClientUserId shall be the concatenation of the value of the 'iss' field of the JWT IssuedIdentityToken, a '/' (slash) as separator and the value of the 'sub' field being the SUB field of the JWT IssuedIdentityToken. If the 'iss' field of the JWT IssuedIdentityToken is not present, the ClientUserId shall be the value of the 'sub' field of the JWT IssuedIdentityToken.

Tags: No tags attached.
Commit Version: 1.05.06 RC1
Fix Due Date: 2025-05-01
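
The current and proposed 6.4.3 rules from the description above, applied to JWT payloads from two token providers, as an added example that is not part of the issue or of the OPC UA specification. The issuer URLs, subject names and function names are constructed for illustration, and the tokens are assumed to have passed signature validation already.

```python
import base64
import json

def b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_jwt(claims: dict) -> str:
    """Constructed sample token; the signature segment is a placeholder."""
    return ".".join([b64url({"alg": "RS256", "typ": "JWT"}), b64url(claims), "c2ln"])

def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWT (signature assumed verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def client_user_id_current(claims: dict) -> str:
    """Current wording: ClientUserId is the 'sub' field only."""
    return claims["sub"]

def client_user_id_proposed(claims: dict) -> str:
    """Proposed wording: 'iss' + '/' + 'sub' if 'iss' is present, else 'sub'."""
    if "iss" in claims:
        return claims["iss"] + "/" + claims["sub"]
    return claims["sub"]

def audit_ids(rule, tokens):
    """ClientUserId values an audit event would carry for each token."""
    return [rule(jwt_claims(t)) for t in tokens]

# Constructed sample: two token providers issue the same 'sub', one token has no 'iss'.
TOKEN_A = make_sample_jwt({"iss": "https://idp-a.example", "sub": "operator1"})
TOKEN_B = make_sample_jwt({"iss": "https://idp-b.example", "sub": "operator1"})
TOKEN_NO_ISS = make_sample_jwt({"sub": "operator1"})

# Edge case: 'iss' is usually a URL that itself contains '/', so the combined
# string cannot be split back into issuer and subject, and two different
# (iss, sub) pairs can yield the same ClientUserId.
PAIR_1 = {"iss": "https://idp.example/t1", "sub": "alice"}
PAIR_2 = {"iss": "https://idp.example", "sub": "t1/alice"}

if __name__ == "__main__":
    tokens = [TOKEN_A, TOKEN_B, TOKEN_NO_ISS]
    print("current :", audit_ids(client_user_id_current, tokens))
    print("proposed:", audit_ids(client_user_id_proposed, tokens))
    print("ambiguous:", client_user_id_proposed(PAIR_1) == client_user_id_proposed(PAIR_2))
```

Audit consumers should treat the resulting ClientUserId as an opaque identifier rather than parsing it on the separator.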

Relationships

related to 0010235 assigned Randy Armstrong 10000-006: Mappings Clarifications for JWT Issued User Identity Tokens
related to 0010236 assigned Matthias Damm 10000-018: Role-Based Security Clarifications for JWT Issued User Identity Tokens

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2025-03-14 21:21 Matthias Damm New Issue
2025-03-14 21:21 Matthias Damm Status new => assigned
2025-03-14 21:21 Matthias Damm Assigned To => Jeff Harding
2025-03-14 21:29 Matthias Damm Relationship added related to 0010235
2025-03-14 21:36 Matthias Damm Relationship added related to 0010236
2025-03-15 15:56 Jim Luth Fix Due Date => 2025-05-01
2025-03-15 15:57 Jim Luth Commit Version => 1.05.06 RC1