SecToken verification
If an [IdentityCreationFilter] or a SessionFilter is invoked, nevisProxy receives a SecureToken (also SecToken). For the verification of the SecToken, the certificates of the creator have to be configured. Because this procedure is performed by several filters, it is done in the servlet context:
Name | Type, usage constraints, defaults | Description |
---|---|---|
SectokenVerifierCert | string array optional | The certificates that will be used for the verification of a SecureToken. Multiple unrelated certificates in different files are supported. If a file contains multiple certificates then each of them will be loaded. |
The verification's first step is finding the correct certificate that is associated to the sectoken. This is done by checking the sectoken's fingerprint then comparing it with the loaded certificates' fingerprint.
For a description of the SecToken, see the chapter Nevis SecToken of the nevisAuth Reference Guide.