SecToken verification
If there is an IdentityCreationFilter or a SessionFilter invoked ), nevisProxy receives a SecureToken (for a description of the Secure Token, see chapter 9, Nevis SecToken of the nevisAuth Reference Guide). For the verification of the SecureToken, the certificates of the creator have to be configured. Because this procedure is performed by several filters, it is done in the servlet context:
Name | Type, usage constraints, defaults | Description |
---|---|---|
SectokenVerifierCert | string array optional | The certificates that will be used for the verification of a SecureToken. Multiple unrelated certificates in different files are supported. If a file contains multiple certificates then each of them will be loaded. |
The verification's first step is finding the correct certificate that is associated to the sectoken. This is done by checking the sectoken's fingerprint then comparing it with the loaded certificates' fingerprint.