  1. Solr
  2. SOLR-16230

JWT-Auth: Support for Keycloak-Style nested roles


Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 8.11.1
    • 9.1
    • None
    • Solr 8.11 with Keycloak 16.1.1

    Description

      The rolesClaim for a JWT Token, as documented in https://solr.apache.org/guide/8_11/jwt-authentication-plugin.html#configuration-parameters, does not support "nested roles".

      That is, consider the following claim, as returned by Keycloak (https://www.keycloak.org/) if the user has the role user for the client solr:

      "resource_access": {
          "solr": {
            "roles": [
              "user"
            ]
          },
          "account": {
            "roles": [
              "manage-account",
              "manage-account-links",
              "view-profile"
            ]
          }
      }

      Here a nested roles claim would have to apply to match. Something like rolesClaim="resource_access.solr.roles"

      This is currently not supported. I am working on a Pull Request.
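The lookup requested above, sketched as an added example that is not Solr's code and not part of the original report: a dot-separated rolesClaim path is walked through the decoded JWT payload and fails closed when the path does not lead to a list of strings. The helper name resolve_roles, the sample payload, the exact-match-first rule and the space-separated string handling are assumptions made for illustration.

```python
import json

# Constructed sample: a decoded JWT payload shaped like the claim in this issue.
# Signature and expiry validation are assumed to have happened already.
SAMPLE_CLAIMS = json.loads("""
{
  "sub": "constructed-user",
  "scope": "openid profile",
  "resource_access": {
    "solr": {"roles": ["user"]},
    "account": {"roles": ["manage-account", "manage-account-links", "view-profile"]}
  }
}
""")


def resolve_roles(claims, roles_claim):
    """Return the set of roles found at roles_claim (hypothetical helper).

    Fails closed: a missing key, a non-object value in the middle of the
    path, or a leaf that is not a string or a list of strings yields no roles.
    """
    # Assumption: an exact top-level match wins, so claim names that
    # themselves contain dots (namespaced URL-style claims) still resolve.
    if roles_claim in claims:
        node = claims[roles_claim]
    else:
        node = claims
        for key in roles_claim.split("."):
            if not isinstance(node, dict) or key not in node:
                return set()
            node = node[key]
    if isinstance(node, str):
        # Assumption: a plain string leaf holds space-separated role names.
        return set(node.split())
    if isinstance(node, list) and all(isinstance(r, str) for r in node):
        return set(node)
    return set()


if __name__ == "__main__":
    for path in ("resource_access.solr.roles", "resource_access.account.roles", "roles"):
        print(path, "->", sorted(resolve_roles(SAMPLE_CLAIMS, path)))
```

Returning an empty set rather than raising means a token without the configured path gets no roles, so the authorization layer denies role-protected requests instead of erroring open.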

            People

              janhoy Jan Høydahl
              mdescher Marco

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 3h