You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2022/06/03 12:03:00 UTC
[jira] [Assigned] (SOLR-16230) JWT-Auth: Support for Keycloak-Style nested roles
[ https://issues.apache.org/jira/browse/SOLR-16230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl reassigned SOLR-16230:
----------------------------------
Assignee: Jan Høydahl
> JWT-Auth: Support for Keycloak-Style nested roles
> -------------------------------------------------
>
> Key: SOLR-16230
> URL: https://issues.apache.org/jira/browse/SOLR-16230
> Project: Solr
> Issue Type: New Feature
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication, Authorization
> Affects Versions: 8.11.1
> Environment: Solr 8.11 with Keycloak 16.1.1
> Reporter: Marco
> Assignee: Jan Høydahl
> Priority: Major
> Time Spent: 40m
> Remaining Estimate: 0h
>
> The _rolesClaim_ for a JWT Token, as documented in [https://solr.apache.org/guide/8_11/jwt-authentication-plugin.html#configuration-parameters,] does not support "nested roles".
> That is, consider the following claim, as returned by [keycloak|[https://www.keycloak.org/]] if the user has the role _user_ for the client {_}solr{_}:
> {{"resource_access": {}}
> {{ "solr": {}}
> {{ "roles": [}}
> {{ "user"}}
> {{ ]}}
> {{ },}}
> {{ "account": {}}
> {{ "roles": [}}
> {{ "manage-account",}}
> {{ "manage-account-links",}}
> {{ "view-profile"}}
> {{ ]}}
> }
>
> Here a nested roles claim would have to apply to match. Something like _rolesClaim="resource_access.solr.roles"_
> This is currently not supported. I am working on a Pull Request.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org