lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (Jira) <>
Subject [jira] [Commented] (SOLR-13713) JWTAuthPlugin to support multiple JWKS endpoints
Date Thu, 05 Sep 2019 11:34:00 GMT


Jan Høydahl commented on SOLR-13713:

Precommit and tests pass. Please review if you are interested in this feature. Plan to merge
next week.

> JWTAuthPlugin to support multiple JWKS endpoints
> ------------------------------------------------
>                 Key: SOLR-13713
>                 URL:
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 8.2
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>              Labels: JWT
>          Time Spent: 10m
>  Remaining Estimate: 0h
> Some [Identity Providers|] do not expose all
JWK keys used to sign access tokens through the main [JWKS |] endpoint
exposed through OIDC Discovery. For instance Ping Federate can have multiple Token Providers,
each exposing its signing keys through separate JWKS endpoints. 
> To support these, the JWT plugin should optinally accept an array of URLs for the {{jwkUrl}}
configuration option. If an array is provided, then we'll fetch all the JWKS and validate
the JWT against all before we fail the request.

This message was sent by Atlassian Jira

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message