[ https://issues.apache.org/jira/browse/SOLR-15423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17365806#comment-17365806 ]
ASF subversion and git services commented on SOLR-15423:
--------------------------------------------------------
Commit 3155565420ac84b11cf8507cef7c412a87b15006 in solr's branch
refs/heads/main from Jan Høydahl
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=3155565 ]
SOLR-15423 Redesign integration test, with cluster in local scope variable per
test (#182)
SOLR-15484
> JWTAuthPlugin support for custom truststore
> -------------------------------------------
>
> Key: SOLR-15423
> URL: https://issues.apache.org/jira/browse/SOLR-15423
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Fix For: main (9.0)
>
> Attachments: jwt-refguide.png
>
> Time Spent: 4h 40m
> Remaining Estimate: 0h
>
> The JWT plugin performs outbound HTTPS traffic to the Identity Provider (IdP) to
> fetch signing keys. If that IdP has a custom SSL certificate not signed by
> any of the root certs shipping with Java, then we need to add its certificate
> to Jetty/Java's TrustStore to tell Solr that it should trust the self-signed
> cert of the IdP.
> In the k8s world it is quite common to terminate SSL in a mesh network
> outside applications or in the ingress controller. This won't work with the
> use case discussed above, since Jetty's TrustStore is not enabled at all when
> Solr is running in non-SSL mode.
> The proposal is to let JWT manage its own TrustStore by configuration.