[
https://issues.apache.org/jira/browse/SOLR-13713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16921448#comment-16921448
]
Jan Høydahl commented on SOLR-13713:
------------------------------------
See pull request [#852|https://github.com/apache/lucene-solr/pull/852] for
proposed implementation. I have refactored the configuration of Issuer and how
signature verification is called.
Will try to target the 8.3 release.
> JWTAuthPlugin to support multiple JWKS endpoints
> ------------------------------------------------
>
> Key: SOLR-13713
> URL: https://issues.apache.org/jira/browse/SOLR-13713
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Affects Versions: 8.2
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Labels: JWT
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Some [Identity Providers|https://en.wikipedia.org/wiki/Identity_provider] do
> not expose all JWK keys used to sign access tokens through the main [JWKS
> |https://auth0.com/docs/jwks] endpoint exposed through OIDC Discovery. For
> instance Ping Federate can have multiple Token Providers, each exposing its
> signing keys through separate JWKS endpoints.
> To support these, the JWT plugin should optinally accept an array of URLs for
> the {{jwkUrl}} configuration option. If an array is provided, then we'll
> fetch all the JWKS and validate the JWT against all before we fail the
> request.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
