You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2019/08/23 13:18:00 UTC
[jira] [Created] (SOLR-13713) JWTAuthPlugin to support multiple
JWKS endpoints
Jan Høydahl created SOLR-13713:
----------------------------------
Summary: JWTAuthPlugin to support multiple JWKS endpoints
Key: SOLR-13713
URL: https://issues.apache.org/jira/browse/SOLR-13713
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Components: security
Affects Versions: 8.2
Reporter: Jan Høydahl
Assignee: Jan Høydahl
Some [Identity Providers|https://en.wikipedia.org/wiki/Identity_provider] do not expose all JWK keys used to sign access tokens through the main [JWKS |https://auth0.com/docs/jwks] endpoint exposed through OIDC Discovery. For instance Ping Federate can have multiple Token Providers, each exposing its signing keys through separate JWKS endpoints.
To support these, the JWT plugin should optinally accept an array of URLs for the {{jwkUrl}} configuration option. If an array is provided, then we'll fetch all the JWKS and validate the JWT against all before we fail the request.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org