  1. Solr
  2. SOLR-13734

JWTAuthPlugin to support multiple issuers


Details

    Description

      In some large enterprise environments, there is more than one Identity Provider (IdP) issuing tokens for users. The equivalent on the public internet is logging in to a website and choosing between multiple pre-defined IdPs (such as Google, GitHub, Facebook etc.) in the OAuth2/OIDC flow.

      In the enterprise the IdPs could be public ones, but most likely they will be private IdPs in various networks inside the enterprise. Users will interact with a search application, e.g. one providing enterprise-wide search, and will authenticate with one of several IdPs depending on their local affiliation. The search app will then request an access token (JWT) for the user and issue requests to Solr using that token.

      The JWT plugin currently supports exactly one IdP. This Jira issue will extend it to support multiple IdPs, for access token validation only. To limit the scope of this issue, Admin UI login must still go through the "primary" IdP. Supporting multiple IdPs for Admin UI login can be done in follow-up issues.
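
The validation path this issue asks for, as an added sketch (not Solr's code or the JWTAuthPlugin implementation): the token's `iss` claim selects one configured issuer, and only that issuer's key and audience are used to verify the token. Issuer URLs, names and keys are constructed, and HS256 with a shared secret stands in for the asymmetric signatures and key lookups a real IdP would use.

```python
import base64, hashlib, hmac, json

# Constructed registry: issuer URLs, names and keys are hypothetical.
ISSUERS = {
    "https://idp-a.example.internal": {"name": "primary", "key": b"constructed-key-A", "aud": "solr"},
    "https://idp-b.example.internal": {"name": "branch", "key": b"constructed-key-B", "aud": "solr"},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims, key):
    """Mint an HS256 token; stands in for an IdP so the example runs offline."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head, body))}"

def validate(token, now):
    """Return the verified claims plus the matched issuer name, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        sig = _unb64(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # fixed allow-list, not whatever the header asks for
        raise ValueError("unsupported alg")
    # The unverified iss claim only selects which configured issuer to check against.
    iss = claims.get("iss")
    issuer = ISSUERS.get(iss) if isinstance(iss, str) else None
    if issuer is None:
        raise ValueError("unknown issuer")
    # Verify with that issuer's key alone: no fallback to other issuers' keys.
    if not hmac.compare_digest(sig, _mac(issuer["key"], head, body)):
        raise ValueError("bad signature")
    if claims.get("aud") != issuer["aud"]:
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    return {"issuer_name": issuer["name"], **claims}
```

Because the key is chosen by issuer rather than tried in turn, a token signed by one IdP cannot pass as another IdP's by changing its `iss` claim.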

      Attachments

        1. jwt-authentication-plugin.html
          2.90 MB
          Jan Høydahl


            People

              janhoy Jan Høydahl