JWT Validation

1.4.0

February 07, 2024

What’s New

  • The policy definition and policy implementation file are now separate. This enables stronger validations for policy configuration parameters.

1.3.2

August 14, 2023

Minimum Mule Version

Mule 4.1.0

Fixed issues

  • Dynamic configuration no longer fails due to heavy payloads.

1.3.1

October 28, 2022

Minimum Mule Version

Mule 4.1.0

Fixed issues

  • Some parsing errors no longer cause the original payload to be returned in the response.

0.9.0

June 06, 2022

New Features and Enhancements

  • Flex support for Connected Mode.

1.3.0

August 2, 2022

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

  • Introduced support for ES256, ES384, and ES512 signature validation algorithms.

Fixed issues

  • A Cannot parse the token error message was logged with ERROR log level instead of TRACE.

  • Several logs were moved from DEBUG log level to TRACE.

  • The JWKS service URL was exposed in the HTTP response from policies.

1.2.0

June 25, 2021

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

  • Introduced the capability to configure timeouts when fetching the JSON web key sets (JWKS) from the service.

  • Implemented a retry mechanism for failed JWKS fetches from the service.

1.1.4

January 06, 2021

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

  • Added OAS 3.0 code snippet in the policy YAML file.

1.1.3

Apr 30, 2020

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

  • Error handling responses revised for WSDL APIs to be compliant with SOAP 1.1 and 1.2.

  • Performance improvements are introduced to the header manipulation engine.

  • Several performance improvements are introduced in error handling.

Fixed issues

  • After a policy was applied, HTTP headers did not follow the RFC 2616 requirement of case-sensitivity:

  • An error occurred when handling invalid header values of the Basic Authentication policy.

  • When requests are made to the protected API endpoint with the Client ID Enforcement policy that does not include the client ID and/or secret, a log entry is now created with the details. However, this logging occurs only when you have specified the Debug level in the log4j settings.

1.1.2

November 27, 2019

Minimum Mule Version

Mule 4.1.0

Fixed Issues

Escaping issues when setting DataWeave expressions for claim validation.

Known Issues

An error occurs in Mule runtime engine (Mule) versions 4.1.1, 4.1.2, 4.1.3, and 4.1.4 when a policy is deployed to applications that have the mule-secure-configuration-property-module plugin configured. To resolve this issue, upgrade the specified plugin in the application to version 1.1.0.

1.1.1

July 24, 2019

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

Several performance improvements are introduced in this release.

Fixed Issues

The JSON Web Key Set (JWKS) time-to-live (TTL) was not being changed default. This issue is now resolved.

Known Issues

  • An error occurs in Mule runtime engine (Mule) versions 4.1.1, 4.1.2, 4.1.3, and 4.1.4 when a policy is deployed to applications that have the mule-secure-configuration-property-module plugin configured. To resolve this issue, upgrade the specified plugin in the application to version 1.1.0.

  • When JWT policy is applied to a flow running in Mule 4.2.0 or 4.2.1 Mule and the flow contains an operation that runs on a CPU_INTENSIVE thread, like ee:transform, the flow stops responding under load. To resolve the issue, apply a patch to the Mule runtime engine.

1.1.0

April 26, 2019

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

  • Introduced support to encrypt sensitive information related to the policy. The Mule version must be properly configured and must support encryption. Encryption is supported starting with Mule v4.2.0.

  • Serveral performance improvements are introduced in this release.

Known Issues

An error occurs in Mule runtime engine (Mule) versions 4.1.1, 4.1.2, 4.1.3, and 4.1.4 when a policy is deployed to applications that have the mule-secure-configuration-property-module plugin configured. To resolve this issue, upgrade the specified plugin in the application to version 1.1.0.

Fixed Issues

When uploading a Public key, the correct UI description was not being displayed. This issue is now resolved.

Known Issues

  • When JWT policy is applied to a flow running in Mule 4.2.0 or 4.2.1 Mule and the flow contains an operation that runs on a CPU_INTENSIVE thread, like ee:transform, the flow stops responding under load. To resolve the issue, apply a patch to the Mule runtime engine. == 1.0.2

January 29, 2019

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

Improved performance by using CPU intensive scheduler instead of CPU Light.

Fixed Issues

When using a custom claim with DataWeave, an out-of-memory error occurred. This issue is now resolved.

Known Issues

  • When JWT policy is applied to a flow running in Mule 4.2.0 or 4.2.1 Mule and the flow contains an operation that runs on a CPU_INTENSIVE thread, like ee:transform, the flow stops responding under load. To resolve the issue, apply a patch to the Mule runtime engine.

1.0.1

January 10, 2019

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

Improved the RAML and OAS snippets.

Known Issues

  • When JWT policy is applied to a flow running in Mule 4.2.0 or 4.2.1 Mule and the flow contains an operation that runs on a CPU_INTENSIVE thread, like ee:transform, the flow stops responding under load. To resolve the issue, apply a patch to the Mule runtime engine.

1.0.0

December 21, 2018

Minimum Mule Version

4.1.0

Known Issues

  • When JWT policy is applied to a flow running in Mule 4.2.0 or 4.2.1 Mule and the flow contains an operation that runs on a CPU_INTENSIVE thread, like ee:transform, the flow stops responding under load. To resolve the issue, apply a patch to the Mule runtime engine.