[RTFACT-16533] Access Federation - Tokens - from * is not working Created: 29/Apr/18  Updated: 30/Apr/18  Resolved: 30/Apr/18

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Access Tokens
Affects Version/s: 6.0.0
Fix Version/s: 6.0.0

Type: Bug Priority: Normal
Reporter: Rotem Kfir Assignee: Noam Shemesh
Resolution: Fixed Votes: 0
Labels: None


1) Define service mapping in the target artifactory with from *:

curl -uaccess-admin:password "http://localhost:8082/access/api/v1/config" -XPATCH -H "Content-Type: application/json" -v -d '{"config":"federation:\n  inbound:\n    service-id-mapping: \n    - from: jfrt@*\n      to: jfrt@01cc8k2raa3pkq1bna3rkw0exf"}'

2) create a token at the source artifactory (e.g. a token that belongs to a group with admin privileges)

curl -uadmin:password -XPOST "http://localhost:8081/artifactory/api/security/token" -d "username=rotemk" -d "scope=member-of-groups:GroupDeleteRepo"

3) try to use it at the target artifactory (e.g. delete a repo)

curl -urotemk:eyJ2Z... -XDELETE "http://localhost:8082/artifactory/api/repositories/maven-local2"


Expected: Repository maven-local2 and all its content have been removed successfully.

Actual: {
"errors" : [

{ "status" : 401, "message" : "Token failed verification: audience" }



Note that when the service mapping is from a specific service id, the above works fine.



Generated at Wed Jun 03 01:07:29 UTC 2020 using Jira 8.5.3#805003-sha1:b4933e02eaff29a49114274fe59e1f99d9d963d7.