[ 
https://issues.apache.org/jira/browse/SOLR-13734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jan Høydahl updated SOLR-13734:
-------------------------------
    Description: 
In some large enterprise environments, there is more than one [Identity 
Provider|https://en.wikipedia.org/wiki/Identity_provider] to issue tokens for 
users. The equivalent example from the public internet is logging in to a 
website and choosing between multiple pre-defined IdPs (such as Google, GitHub, 
Facebook etc.) in the OAuth2/OIDC flow.

In the enterprise the IdPs could be public ones but most likely they will be 
private IdPs in various networks inside the enterprise. Users will interact 
with a search application, e.g. one providing enterprise-wide search, and will 
authenticate with one out of several IdPs depending on their local affiliation. 
The search app will then request an access token (JWT) for the user and issue 
requests to Solr using that token.

The JWT plugin currently supports exactly one IdP. This JIRA will extend 
support for multiple IdPs for access token validation only. To limit the scope 
of this Jira, Admin UI login must still happen to the "primary" IdP. Supporting 
multiple IdPs for Admin UI login can be done in follow-up issues.

  was:
In some large enterprise environments, there are more than one [Identity 
Provider|https://en.wikipedia.org/wiki/Identity_provider] to issue tokens for 
users. The classic example from the public internet is logging in to a do a 
site and choose between multiple pre-defined IdPs (such as Google, GitHub, 
Facebook etc).

In the enterprise world the IdPs will not be these public providers but IdPs 
inside various networks inside the enterprise.

The JWT plugin currently supports exactly one IdP. This JIRA will in the first 
phase extend support for multiple IdPs for access token validation only, not 
Admin UI login, meaning there will be a "main IdP" and optionally multiple 
"additional IdPs". Admin UI login will be towards main IdP but validation of 
access tokens may be with any of the additional IdPs.


> JWTAuthPlugin to support multiple issuers
> -----------------------------------------
>
>                 Key: SOLR-13734
>                 URL: https://issues.apache.org/jira/browse/SOLR-13734
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>              Labels: JWT, authentication
>
> In some large enterprise environments, there is more than one [Identity 
> Provider|https://en.wikipedia.org/wiki/Identity_provider] to issue tokens for 
> users. The equivalent example from the public internet is logging in to a 
> website and choosing between multiple pre-defined IdPs (such as Google, GitHub, 
> Facebook etc.) in the OAuth2/OIDC flow.
> In the enterprise the IdPs could be public ones but most likely they will be 
> private IdPs in various networks inside the enterprise. Users will interact 
> with a search application, e.g. one providing enterprise-wide search, and 
> will authenticate with one out of several IdPs depending on their local 
> affiliation. The search app will then request an access token (JWT) for the 
> user and issue requests to Solr using that token.
> The JWT plugin currently supports exactly one IdP. This JIRA will extend 
> support for multiple IdPs for access token validation only. To limit the 
> scope of this Jira, Admin UI login must still happen to the "primary" IdP. 
> Supporting multiple IdPs for Admin UI login can be done in follow-up issues.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)
