Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13713

JWTAuthPlugin to support multiple JWKS endpoints

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 8.2
    • 8.3
    • security

    Description

      Some Identity Providers do not expose all JWK keys used to sign access tokens through the main JWKS endpoint exposed through OIDC Discovery. For instance Ping Federate can have multiple Token Providers, each exposing its signing keys through separate JWKS endpoints. 

      To support these, the JWT plugin should optinally accept an array of URLs for the jwkUrl configuration option. If an array is provided, then we'll fetch all the JWKS and validate the JWT against all before we fail the request.

      Attachments

        Issue Links

          is required by

          New Feature - A new feature of the product, which has yet to be developed. SOLR-13734 JWTAuthPlugin to support multiple issuers

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #852

          Activity

            People

              janhoy Jan Høydahl
              janhoy Jan Høydahl
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m