Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15423

JWTAuthPlugin support for custom truststore

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 9.0
    • security
    • None

    Description

      The JWT plugin performs outbound HTTPS traffic to Identity Provider (IdP) to fetch signing keys. If that IdP has a custom SSL certificate not signed by any of the root certs shipping with Java, then we need to add its certificate to Jetty/Java's TrustStore to tell Solr that it should trust the self-signed cert of the IdP.

      In the k8s world it is quite common to terminate SSL in a mesh network outside applications or in the ingress controller. This won't work with the use case discussed above, since Jetty's TrustStore is not enabled at all when Solr is running in non-SSL mode.

      The proposal is to let JWT manage its own TrustStore by configuration.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            janhoy Jan Høydahl
            janhoy Jan Høydahl
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0h
              0h
              Logged:
              Time Spent - 4h 40m
              4h 40m

              Slack

                Issue deployment