[
https://issues.apache.org/jira/browse/SOLR-15423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17360727#comment-17360727
]
ASF subversion and git services commented on SOLR-15423:
--------------------------------------------------------
Commit 11ce8b8b27707815b4dd484bc9cce2dc2fb7e520 in solr's branch
refs/heads/main from Jan Høydahl
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=11ce8b8 ]
SOLR-15423 JWTAuthPlugin support for custom truststore (#139)
> JWTAuthPlugin support for custom truststore
> -------------------------------------------
>
> Key: SOLR-15423
> URL: https://issues.apache.org/jira/browse/SOLR-15423
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Attachments: jwt-refguide.png
>
> Time Spent: 4.5h
> Remaining Estimate: 0h
>
> The JWT plugin performs outbound HTTPS traffic to Identity Provider (IdP) to
> fetch signing keys. If that IdP has a custom SSL certificate not signed by
> any of the root certs shipping with Java, then we need to add its certificate
> to Jetty/Java's TrustStore to tell Solr that it should trust the self-signed
> cert of the IdP.
> In the k8s world it is quite common to terminate SSL in a mesh network
> outside applications or in the ingress controller. This won't work with the
> use case discussed above, since Jetty's TrustStore is not enabled at all when
> Solr is running in non-SSL mode.
> The proposal is to let JWT manage its own TrustStore by configuration.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
