Posted to issues@solr.apache.org by "Mayya Sharipova (Jira)" <ji...@apache.org> on 2021/06/23 13:50:09 UTC

[jira] [Updated] (SOLR-15423) JWTAuthPlugin support for custom truststore

     [ https://issues.apache.org/jira/browse/SOLR-15423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mayya Sharipova updated SOLR-15423:
-----------------------------------
    Security:     (was: Public)

> JWTAuthPlugin support for custom truststore
> -------------------------------------------
>
>                 Key: SOLR-15423
>                 URL: https://issues.apache.org/jira/browse/SOLR-15423
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: main (9.0)
>
>         Attachments: jwt-refguide.png
>
>          Time Spent: 4h 40m
>  Remaining Estimate: 0h
>
> The JWT plugin performs outbound HTTPS traffic to the Identity Provider (IdP) to fetch signing keys. If that IdP has a custom SSL certificate not signed by any of the root certs shipping with Java, then we need to add its certificate to Jetty/Java's TrustStore to tell Solr that it should trust the self-signed cert of the IdP.
> In the k8s world it is quite common to terminate SSL in a mesh network outside applications or in the ingress controller. This won't work with the use case discussed above, since Jetty's TrustStore is not enabled at all when Solr is running in non-SSL mode.
> The proposal is to let JWT manage its own TrustStore by configuration.


