From 20e363f137b5304b774c51f40a83a22a58179293 Mon Sep 17 00:00:00 2001 From: Jana Vrbkova Date: Thu, 6 Nov 2025 12:18:59 +0100 Subject: [PATCH] RHIDP-7912: omitIdentityTokenOwnershipClaim flag (#1487) * RHIDP-7912 * RHIDP-7912 * RHIDP-7912 * RHIDP-7912 * RHIDP-7912 * RHIDP-7912 * RHIDP-7912 * Update modules/authentication/proc-reducing-token-size.adoc Co-authored-by: Judith Magak <124673476+jmagak@users.noreply.github.com> * Update modules/authentication/proc-reducing-token-size.adoc Co-authored-by: Judith Magak <124673476+jmagak@users.noreply.github.com> * Update modules/authentication/proc-reducing-token-size.adoc Co-authored-by: Judith Magak <124673476+jmagak@users.noreply.github.com> * Update modules/authentication/proc-reducing-token-size.adoc Co-authored-by: Judith Magak <124673476+jmagak@users.noreply.github.com> * Update proc-reducing-token-size.adoc * Update modules/authentication/proc-reducing-token-size.adoc Co-authored-by: Judith Magak <124673476+jmagak@users.noreply.github.com> * Update modules/authentication/proc-reducing-token-size.adoc Co-authored-by: Judith Magak <124673476+jmagak@users.noreply.github.com> * removed annotations --------- Co-authored-by: Judith Magak <124673476+jmagak@users.noreply.github.com> --- ...sembly-authentication-troubleshooting.adoc | 9 +++++++++ .../assembly-enabling-authentication.adoc | 2 ++ .../proc-reducing-token-size.adoc | 20 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 assemblies/assembly-authentication-troubleshooting.adoc create mode 100644 modules/authentication/proc-reducing-token-size.adoc diff --git a/assemblies/assembly-authentication-troubleshooting.adoc b/assemblies/assembly-authentication-troubleshooting.adoc new file mode 100644 index 0000000000..36a78f9007 --- /dev/null +++ b/assemblies/assembly-authentication-troubleshooting.adoc @@ -0,0 +1,9 @@ +:_mod-docs-content-type: ASSEMBLY + +[id="authentication-troubleshooting"] + += Troubleshooting authentication issues + +Learn how to troubleshoot authentication issues. + +include::modules/authentication/proc-reducing-token-size.adoc[leveloffset=+1] diff --git a/assemblies/assembly-enabling-authentication.adoc b/assemblies/assembly-enabling-authentication.adoc index be673067c5..4d496a0a0b 100644 --- a/assemblies/assembly-enabling-authentication.adoc +++ b/assemblies/assembly-enabling-authentication.adoc @@ -18,3 +18,5 @@ include::modules/authentication/proc-enabling-user-authentication-with-github.ad include::modules/authentication/proc-enabling-user-authentication-with-microsoft-azure.adoc[leveloffset=+1] +include::assembly-authentication-troubleshooting.adoc[leveloffset=+1] + diff --git a/modules/authentication/proc-reducing-token-size.adoc b/modules/authentication/proc-reducing-token-size.adoc new file mode 100644 index 0000000000..6a0931662e --- /dev/null +++ b/modules/authentication/proc-reducing-token-size.adoc @@ -0,0 +1,20 @@ +:_mod-docs-content-type: PROCEDURE + +[id="reducing-token-size"] += Reducing the size of issued tokens + +By default, the authentication backend issues user identity tokens with ownership references of the user in the `ent` claim of the JSON Web Token (JWT) payload. +This makes it easier for consumers of the token to resolve ownership of the user. +However, depending on the structure of your organization and how you resolve ownership claims, the tokens can grow large and cause HTTP errors that prevent you from accessing parts of {product-very-short}. +Use the `omitIdentityTokenOwnershipClaim` flag to remove the `ent` claim from tokens and reduce their size. + +.Procedure + +. In the `{my-app-config-file}` file, set `omitIdentityTokenOwnershipClaim` to `true` as follows: ++ +[source,yaml] +---- +auth: + omitIdentityTokenOwnershipClaim: true +---- +