Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15423

JWTAuthPlugin support for custom truststore

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 9.0
    • security
    • None

    Description

      The JWT plugin performs outbound HTTPS traffic to Identity Provider (IdP) to fetch signing keys. If that IdP has a custom SSL certificate not signed by any of the root certs shipping with Java, then we need to add its certificate to Jetty/Java's TrustStore to tell Solr that it should trust the self-signed cert of the IdP.

      In the k8s world it is quite common to terminate SSL in a mesh network outside applications or in the ingress controller. This won't work with the use case discussed above, since Jetty's TrustStore is not enabled at all when Solr is running in non-SSL mode.

      The proposal is to let JWT manage its own TrustStore by configuration.

      Attachments

        1. jwt-refguide.png
          42 kB
          Jan Høydahl

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. SOLR-15484 Frequent test failures for JWTAuthPluginIntegrationTest

          • Major - Major loss of function.
          • Reopened
          links to

          Web Link GitHub Pull Request #139

          Activity

            People

              janhoy Jan Høydahl
              janhoy Jan Høydahl
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 4h 40m
                  4h 40m