  1. Solr
  2. SOLR-13713

JWTAuthPlugin to support multiple JWKS endpoints


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 8.2
    • Fix Version/s: 8.3
    • Component/s: security
    • Labels:

      Description

      Some Identity Providers do not expose all JWK keys used to sign access tokens through the main JWKS endpoint exposed through OIDC Discovery. For instance, Ping Federate can have multiple Token Providers, each exposing its signing keys through separate JWKS endpoints.

      To support these, the JWT plugin should optionally accept an array of URLs for the jwkUrl configuration option. If an array is provided, then we'll fetch all the JWKS and validate the JWT against all before we fail the request.
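
The behaviour requested above, sketched in Python as an added example (not Solr's JWTAuthPlugin code): the token is checked against every configured JWKS and rejected only when none of them verifies it. The JWKS documents are passed in already fetched, and HS256 `oct` keys are an assumption made to keep the sketch standard-library only (an IdP's JWKS would carry RSA or EC public keys); all key ids and secrets are constructed.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, kid: str, secret: bytes) -> str:
    """Build a constructed test token (stands in for one IdP token provider)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(sig)

def verify_against_all(token: str, jwks_list: list) -> dict:
    """Try every configured JWKS; fail closed only after none verifies the token."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64u_dec(h64))
        sig = b64u_dec(s64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; never accept what the header asks for.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    for jwks in jwks_list:                      # one entry per configured JWKS URL
        for jwk in jwks.get("keys", []):
            if jwk.get("kty") != "oct" or jwk.get("kid") != header.get("kid"):
                continue                        # not a candidate key for this token
            expected = hmac.new(b64u_dec(jwk["k"]), f"{h64}.{p64}".encode(),
                                hashlib.sha256).digest()
            if hmac.compare_digest(expected, sig):
                return json.loads(b64u_dec(p64))
    raise ValueError("no key in any configured JWKS verifies this token")

# Constructed sample data: JWKS documents from two separate token providers.
KEY_A = b"constructed-secret-A-0123456789ab"
KEY_B = b"constructed-secret-B-0123456789ab"
JWKS_MAIN = {"keys": [{"kty": "oct", "kid": "main-1", "k": b64u(KEY_A)}]}
JWKS_EXTRA = {"keys": [{"kty": "oct", "kid": "extra-1", "k": b64u(KEY_B)}]}

if __name__ == "__main__":
    token = sign_hs256({"sub": "alice"}, "extra-1", KEY_B)
    print(verify_against_all(token, [JWKS_MAIN, JWKS_EXTRA]))
```

Signature verification is only the first gate; issuer, audience and expiry checks still apply to the claims returned.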


              People

              • Assignee:
                janhoy Jan Høydahl
                Reporter:
                janhoy Jan Høydahl
              • Votes:
                0
                Watchers:
                2


                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 20m