Jan Høydahl created SOLR-15423:
----------------------------------
Summary: JWTAuthPlugin support for custom truststore
Key: SOLR-15423
URL: https://issues.apache.org/jira/browse/SOLR-15423
Project: Solr
Issue Type: New Feature
Security Level: Public (Default Security Level. Issues are Public)
Components: security
Reporter: Jan Høydahl
Assignee: Jan Høydahl

The JWT plugin performs outbound HTTPS traffic to the Identity Provider (IdP) to
fetch signing keys. If that IdP has a custom SSL certificate not signed by any
of the root certs shipping with Java, then we need to add its certificate to
Jetty/Java's TrustStore to tell Solr that it should trust the self-signed cert
of the IdP.

In the k8s world it is quite common to terminate SSL in a mesh network outside
applications or in the ingress controller. This won't work with the use case
discussed above, since Jetty's TrustStore is not enabled at all when Solr is
running in non-SSL mode.

The proposal is to let JWT manage its own TrustStore by configuration.