Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update configuring-keystores-in-wso2-api-manager.md primary keystore … #8487

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

BechtelCanDoIt
Copy link

…jwt requirements

Added link to JWT Access Tokens page to address gateway_certificate_alias dependency when replacing the primary key store.

Purpose

Address current documentation gap that caused a client issue after replacing the primary key store and jwt token validation.

Goals

Create completeness based on product dependencies.

Approach

Updated related documentation to point to the page with the related details for that piece.

User stories

N/A

Release note

N/A

Documentation

N/A

Training

N/A

Certification

N/A

Marketing

N/A

Automation tests

N/A

Security checks

N/A

Samples

N/A

Related PRs

N/A

Migrations (if applicable)

N/A

Test environment

N/A

Learning

N/A

…jwt requirements

Added link to JWT Access Tokens page to address gateway_certificate_alias dependency when replacing the primary key store.
@@ -79,6 +79,9 @@ The elements in the above configuration are described below:

By default, the primary keystore configured as above is used for internal data encryption (encrypting data in internal data stores and configuration files) as well as for signing messages that are communicated with external parties. In other words, if we define the primary keystore only, it will be used as both Secondary Keystore (TLS) and Internal Keystore. However, it is sometimes a common requirement to have separate keystores for SSL/TSL connections, communicating messages with external parties (such as JWT, SAML, OIDC id\_token signing) and for encrypting information in internal data stores. This is because, for signing messages and external communications, the keystore certificates need to be frequently renewed. However, for encrypting information in internal data stores, the keystore certificates should not be changed frequently because the data that is already encrypted will become unusable every time the certificate changes.

!!! Important
If you replace the Primary Key Store refer to JWT Requirements: [Importing the public certificate into the client trust store]({{base_path}}/design/api-security/oauth2/access-token-types/jwt-tokens/#importing-the-public-certificate-into-the-client-trust-store)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is somewhat confusing because it introduces a different concept ("JWT Requirements") without clear context or connection. Can you please update the description?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants