JWT claim based policy

The recent XC WAAP release supports JWT discovery and extracts the claims from the token.

It could be powerful to stop access control-related attacks if we can set the policy based on JWT claims in XC WAAP. For example, if the user's group info is included as a token claim and we can enforce the policy based on the claim, we can stop/mitigate BFLA attacks effectively.

  • Jin Won LEE
  • May 22 2023
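The kind of check this idea describes, as an added example that is not part of the original post and not XC WAAP configuration: a default-deny policy keyed on a group claim, applied only after the token signature is verified. The claim name `groups`, the routes, the key and the rule table are constructed assumptions; expiry and issuer checks are left out to keep the focus on the claim match.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed secret for this example only

# Hypothetical policy: (method, path prefix) -> groups allowed to call it.
POLICY = [
    ("DELETE", "/api/users/", {"admin"}),
    ("GET", "/api/admin/", {"admin", "auditor"}),
    ("GET", "/api/users/", {"admin", "user"}),
]

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, key=KEY):
    """Build an HS256 token (used here only to construct sample input)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verified_claims(token, key=KEY):
    """Return the claims only if the HS256 signature checks out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None  # rejects alg=none and unexpected algorithms
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            return None  # claims from an unverified token are never trusted
        claims = json.loads(_b64d(body))
        return claims if isinstance(claims, dict) else None
    except (ValueError, TypeError, AttributeError):
        return None

def decide(method, path, token):
    """Default deny: allow only when a rule matches and a group claim fits."""
    claims = verified_claims(token)
    if claims is None:
        return "deny:invalid-token"
    groups = claims.get("groups", [])
    groups = {g for g in groups if isinstance(g, str)} if isinstance(groups, list) else set()
    for m, prefix, allowed in POLICY:
        if method == m and path.startswith(prefix):
            return "allow" if groups & allowed else "deny:group"
    return "deny:no-rule"
```

A token whose payload has been swapped for one with a higher-privilege group fails the signature check and is denied before any claim is read.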