[ https://issues.apache.org/jira/browse/SOLR-12121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16816073#comment-16816073 ]
ASF subversion and git services commented on SOLR-12121:
--------------------------------------------------------

Commit 43f5e6170cf884116df3b6f9a32c70d2db0f3397 in lucene-solr's branch refs/heads/branch_8x from Jan Høydahl
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=43f5e61 ]

SOLR-12121: Refresh JWK from IdP on invalid sig. Some logging improvements. Minor test fixes

(cherry picked from commit 3b3879d8809685ef611101e1b61295982bd2db23)

> JWT Authentication plugin
> -------------------------
>
> Key: SOLR-12121
> URL: https://issues.apache.org/jira/browse/SOLR-12121
> Project: Solr
> Issue Type: New Feature
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Fix For: 8.1
>
> Attachments: image-2018-08-27-13-04-04-183.png
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> A new Authentication plugin that will accept a [Json Web
> Token|https://en.wikipedia.org/wiki/JSON_Web_Token] (JWT) in the
> Authorization header and validate it by checking the cryptographic signature.
> The plugin will not perform the authentication itself but assert that the
> user was authenticated by the service that issued the JWT token.
> JWT defined a number of standard claims, and user principal can be fetched
> from the {{sub}} (subject) claim and passed on to Solr. The plugin will
> always check the {{exp}} (expiry) claim and optionally enforce checks on the
> {{iss}} (issuer) and {{aud}} (audience) claims.
> The first version of the plugin will only support RSA signing keys and will
> support fetching the public key of the issuer through a [Json Web
> Key|https://tools.ietf.org/html/rfc7517] (JWK) file, either from a https URL
> or from local file.
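The behaviour named in the commit message above (re-fetching the JWK from the IdP when a signature does not verify), as an added example that is not code from the Solr commit. The class `JwkRefreshDemo`, the `fetchFromIdp` supplier standing in for the JWK download, and the sample claims are assumptions; only the RS256 signature step is shown, not the `exp`, `iss` or `aud` checks.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.function.Supplier;

public class JwkRefreshDemo {
  static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
  private final Supplier<PublicKey> fetchFromIdp; // hypothetical stand-in for the JWK download
  private PublicKey cached;                       // key from the most recent fetch
  int fetches = 0;                                // how often the IdP was contacted

  JwkRefreshDemo(Supplier<PublicKey> fetchFromIdp) { this.fetchFromIdp = fetchFromIdp; }
  private void refresh() { fetches++; cached = fetchFromIdp.get(); }

  static boolean signatureOk(String jwt, PublicKey key) throws GeneralSecurityException {
    String[] p = jwt.split("\\.");
    if (p.length != 3) return false;              // not header.payload.signature
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initVerify(key);
    s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
    return s.verify(Base64.getUrlDecoder().decode(p[2]));
  }
  boolean verify(String jwt) throws GeneralSecurityException {
    if (cached == null) refresh();
    if (signatureOk(jwt, cached)) return true;
    refresh(); // invalid signature: the IdP may have rotated its key, so re-fetch once
    return signatureOk(jwt, cached); // still invalid after the refresh: reject the token
  }
  // Test helper that plays the IdP: builds and signs a compact RS256 token.
  static String sign(String payloadJson, PrivateKey key) throws GeneralSecurityException {
    String head = ENC.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
    String body = ENC.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(key);
    s.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
    return head + "." + body + "." + ENC.encodeToString(s.sign());
  }
  public static void main(String[] args) throws Exception {
    KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
    g.initialize(2048);
    KeyPair oldKey = g.generateKeyPair(), newKey = g.generateKeyPair(), other = g.generateKeyPair();
    PublicKey[] published = { oldKey.getPublic() }; // key the constructed IdP currently serves
    JwkRefreshDemo v = new JwkRefreshDemo(() -> published[0]);
    String claims = "{\"sub\":\"alice\",\"exp\":4102444800}"; // constructed sample claims
    System.out.println(v.verify(sign(claims, oldKey.getPrivate()))); // signed with the cached key
    published[0] = newKey.getPublic();                               // IdP rotates its key
    System.out.println(v.verify(sign(claims, newKey.getPrivate()))); // needs one refresh
    System.out.println(v.verify(sign(claims, other.getPrivate())));  // key the IdP never published
    System.out.println("fetches=" + v.fetches);
  }
}
```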