[
https://issues.apache.org/jira/browse/SOLR-13734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16928363#comment-16928363
]
Jan Høydahl commented on SOLR-13734:
------------------------------------
[~noble.paul] or others, do you have time for a quick look?
In particular I want feedback on the config syntax change and back-compat. I
have focused on supporting both new-style and old-style issuer configuration
and currently print a warning if old-style (top level json keys instead of
inside 'issuers' array) is used. Although documentation focus on new-style, I
do no plan for removal of the old syntax.
Should we make the two equal and not print deprecation warnings? At minimum we
need to keep support until SOLR-13744 is done.
Also I'd like feedback on whether the CHANGES.txt and RefGuide page is clear
both for old and new users of the plugin.
> JWTAuthPlugin to support multiple issuers
> -----------------------------------------
>
> Key: SOLR-13734
> URL: https://issues.apache.org/jira/browse/SOLR-13734
> Project: Solr
> Issue Type: New Feature
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Labels: JWT, authentication, pull-request-available
> Fix For: 8.3
>
> Attachments: jwt-authentication-plugin.html
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> In some large enterprise environments, there is more than one [Identity
> Provider|https://en.wikipedia.org/wiki/Identity_provider] to issue tokens for
> users. The equivalent example from the public internet is logging in to a
> website and choose between multiple pre-defined IdPs (such as Google, GitHub,
> Facebook etc) in the Oauth2/OIDC flow.
> In the enterprise the IdPs could be public ones but most likely they will be
> private IdPs in various networks inside the enterprise. Users will interact
> with a search application, e.g. one providing enterprise wide search, and
> will authenticate with one out of several IdPs depending on their local
> affiliation. The search app will then request an access token (JWT) for the
> user and issue requests to Solr using that token.
> The JWT plugin currently supports exactly one IdP. This JIRA will extend
> support for multiple IdPs for access token validation only. To limit the
> scope of this Jira, Admin UI login must still happen to the "primary" IdP.
> Supporting multiple IdPs for Admin UI login can be done in followup issues.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
