lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (Jira) <>
Subject [jira] [Resolved] (SOLR-13713) JWTAuthPlugin to support multiple JWKS endpoints
Date Tue, 10 Sep 2019 11:18:00 GMT


Jan Høydahl resolved SOLR-13713.
    Resolution: Fixed

> JWTAuthPlugin to support multiple JWKS endpoints
> ------------------------------------------------
>                 Key: SOLR-13713
>                 URL:
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 8.2
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>              Labels: JWT
>             Fix For: 8.3
>          Time Spent: 20m
>  Remaining Estimate: 0h
> Some [Identity Providers|] do not expose all
JWK keys used to sign access tokens through the main [JWKS |] endpoint
exposed through OIDC Discovery. For instance Ping Federate can have multiple Token Providers,
each exposing its signing keys through separate JWKS endpoints. 
> To support these, the JWT plugin should optinally accept an array of URLs for the {{jwkUrl}}
configuration option. If an array is provided, then we'll fetch all the JWKS and validate
the JWT against all before we fail the request.

This message was sent by Atlassian Jira

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message