[jira] [Commented] (KNOX-3073) Token verification fallback to Knox keys behavior should configurable
[ https://issues.apache.org/jira/browse/KNOX-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17900778#comment-17900778 ] ASF subversion and git services commented on KNOX-3073: --- Commit 7dd8b4318c8a685985b08cd2870bf212be814db2 in knox's branch refs/heads/dependabot/maven/org.apache.derby-derby-10.17.1.0 from Philip Zampino [ https://gitbox.apache.org/repos/asf?p=knox.git;h=7dd8b4318 ] KNOX-3073 - Token verification fallback to Knox keys behavior should configurable (#949) > Token verification fallback to Knox keys behavior should configurable > - > > Key: KNOX-3073 > URL: https://issues.apache.org/jira/browse/KNOX-3073 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Reporter: Philip Zampino >Assignee: Philip Zampino >Priority: Major > Fix For: 2.1.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > KNOX-3040 > ntroduced support for multiple token verification mechanisms (i.e., PEM, > jwks) for the same topology (provider instance), falling back to Knox's own > signing and TLS keys if any of those configured should fail. > This behavior may not be expected by some, and we should provide the ability > to control the fallback to the Knox keys. > To support deployments expecting the previous behavior, there should be a > provider param for indicating that the new fall-back behavior is desired > (e.g., instance-keys-fallback=true), which defaults to false. > Default Behavior: > * Neither PEM nor jwks URL(s) is configured, attempt verification using (in > order) > ** Knox's signing key > ** Knox's TLS key > * Only PEM is configured: Knox will attempt verification using ONLY the > configured PEM > * Only jwks URL(s) are configured: Knox will attempt verification using ONLY > the configured jwks URL(s) > * PEM AND jwks URL(s) are configured: Knox will attempt verification using > ONLY (in order) > ** The configured PEM > ** The configured jwks URL(s). > instance-keys-fallback=true Behavior: > * Same as default behavior except that in the cases where PEM and/or jwks > URL(s) are configured and fail to verify, Knox will subsequently attempt > verification using (in order): > ** Knox's signing key > ** Knox's TLS key > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-3073) Token verification fallback to Knox keys behavior should configurable
[ https://issues.apache.org/jira/browse/KNOX-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896815#comment-17896815 ] ASF subversion and git services commented on KNOX-3073: --- Commit 7dd8b4318c8a685985b08cd2870bf212be814db2 in knox's branch refs/heads/dependabot/npm_and_yarn/gateway-admin-ui/multi-9f37c16f8f from Philip Zampino [ https://gitbox.apache.org/repos/asf?p=knox.git;h=7dd8b4318 ] KNOX-3073 - Token verification fallback to Knox keys behavior should configurable (#949) > Token verification fallback to Knox keys behavior should configurable > - > > Key: KNOX-3073 > URL: https://issues.apache.org/jira/browse/KNOX-3073 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Reporter: Philip Zampino >Assignee: Philip Zampino >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > KNOX-3040 > ntroduced support for multiple token verification mechanisms (i.e., PEM, > jwks) for the same topology (provider instance), falling back to Knox's own > signing and TLS keys if any of those configured should fail. > This behavior may not be expected by some, and we should provide the ability > to control the fallback to the Knox keys. > To support deployments expecting the previous behavior, there should be a > provider param for indicating that the new fall-back behavior is desired > (e.g., instance-keys-fallback=true), which defaults to false. > Default Behavior: > * Neither PEM nor jwks URL(s) is configured, attempt verification using (in > order) > ** Knox's signing key > ** Knox's TLS key > * Only PEM is configured: Knox will attempt verification using ONLY the > configured PEM > * Only jwks URL(s) are configured: Knox will attempt verification using ONLY > the configured jwks URL(s) > * PEM AND jwks URL(s) are configured: Knox will attempt verification using > ONLY (in order) > ** The configured PEM > ** The configured jwks URL(s). > instance-keys-fallback=true Behavior: > * Same as default behavior except that in the cases where PEM and/or jwks > URL(s) are configured and fail to verify, Knox will subsequently attempt > verification using (in order): > ** Knox's signing key > ** Knox's TLS key > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-3073) Token verification fallback to Knox keys behavior should configurable
[ https://issues.apache.org/jira/browse/KNOX-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896811#comment-17896811 ] ASF subversion and git services commented on KNOX-3073: --- Commit 7dd8b4318c8a685985b08cd2870bf212be814db2 in knox's branch refs/heads/dependabot/maven/commons-io-commons-io-2.14.0 from Philip Zampino [ https://gitbox.apache.org/repos/asf?p=knox.git;h=7dd8b4318 ] KNOX-3073 - Token verification fallback to Knox keys behavior should configurable (#949) > Token verification fallback to Knox keys behavior should configurable > - > > Key: KNOX-3073 > URL: https://issues.apache.org/jira/browse/KNOX-3073 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Reporter: Philip Zampino >Assignee: Philip Zampino >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > KNOX-3040 > ntroduced support for multiple token verification mechanisms (i.e., PEM, > jwks) for the same topology (provider instance), falling back to Knox's own > signing and TLS keys if any of those configured should fail. > This behavior may not be expected by some, and we should provide the ability > to control the fallback to the Knox keys. > To support deployments expecting the previous behavior, there should be a > provider param for indicating that the new fall-back behavior is desired > (e.g., instance-keys-fallback=true), which defaults to false. > Default Behavior: > * Neither PEM nor jwks URL(s) is configured, attempt verification using (in > order) > ** Knox's signing key > ** Knox's TLS key > * Only PEM is configured: Knox will attempt verification using ONLY the > configured PEM > * Only jwks URL(s) are configured: Knox will attempt verification using ONLY > the configured jwks URL(s) > * PEM AND jwks URL(s) are configured: Knox will attempt verification using > ONLY (in order) > ** The configured PEM > ** The configured jwks URL(s). > instance-keys-fallback=true Behavior: > * Same as default behavior except that in the cases where PEM and/or jwks > URL(s) are configured and fail to verify, Knox will subsequently attempt > verification using (in order): > ** Knox's signing key > ** Knox's TLS key > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-3073) Token verification fallback to Knox keys behavior should configurable
[ https://issues.apache.org/jira/browse/KNOX-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896813#comment-17896813 ] ASF subversion and git services commented on KNOX-3073: --- Commit 7dd8b4318c8a685985b08cd2870bf212be814db2 in knox's branch refs/heads/dependabot/maven/org.apache.hadoop-hadoop-common-3.4.0 from Philip Zampino [ https://gitbox.apache.org/repos/asf?p=knox.git;h=7dd8b4318 ] KNOX-3073 - Token verification fallback to Knox keys behavior should configurable (#949) > Token verification fallback to Knox keys behavior should configurable > - > > Key: KNOX-3073 > URL: https://issues.apache.org/jira/browse/KNOX-3073 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Reporter: Philip Zampino >Assignee: Philip Zampino >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > KNOX-3040 > ntroduced support for multiple token verification mechanisms (i.e., PEM, > jwks) for the same topology (provider instance), falling back to Knox's own > signing and TLS keys if any of those configured should fail. > This behavior may not be expected by some, and we should provide the ability > to control the fallback to the Knox keys. > To support deployments expecting the previous behavior, there should be a > provider param for indicating that the new fall-back behavior is desired > (e.g., instance-keys-fallback=true), which defaults to false. > Default Behavior: > * Neither PEM nor jwks URL(s) is configured, attempt verification using (in > order) > ** Knox's signing key > ** Knox's TLS key > * Only PEM is configured: Knox will attempt verification using ONLY the > configured PEM > * Only jwks URL(s) are configured: Knox will attempt verification using ONLY > the configured jwks URL(s) > * PEM AND jwks URL(s) are configured: Knox will attempt verification using > ONLY (in order) > ** The configured PEM > ** The configured jwks URL(s). > instance-keys-fallback=true Behavior: > * Same as default behavior except that in the cases where PEM and/or jwks > URL(s) are configured and fail to verify, Knox will subsequently attempt > verification using (in order): > ** Knox's signing key > ** Knox's TLS key > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-3073) Token verification fallback to Knox keys behavior should configurable
[ https://issues.apache.org/jira/browse/KNOX-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896809#comment-17896809 ] ASF subversion and git services commented on KNOX-3073: --- Commit 7dd8b4318c8a685985b08cd2870bf212be814db2 in knox's branch refs/heads/dependabot/npm_and_yarn/knox-homepage-ui/multi-9f37c16f8f from Philip Zampino [ https://gitbox.apache.org/repos/asf?p=knox.git;h=7dd8b4318 ] KNOX-3073 - Token verification fallback to Knox keys behavior should configurable (#949) > Token verification fallback to Knox keys behavior should configurable > - > > Key: KNOX-3073 > URL: https://issues.apache.org/jira/browse/KNOX-3073 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Reporter: Philip Zampino >Assignee: Philip Zampino >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > KNOX-3040 > ntroduced support for multiple token verification mechanisms (i.e., PEM, > jwks) for the same topology (provider instance), falling back to Knox's own > signing and TLS keys if any of those configured should fail. > This behavior may not be expected by some, and we should provide the ability > to control the fallback to the Knox keys. > To support deployments expecting the previous behavior, there should be a > provider param for indicating that the new fall-back behavior is desired > (e.g., instance-keys-fallback=true), which defaults to false. > Default Behavior: > * Neither PEM nor jwks URL(s) is configured, attempt verification using (in > order) > ** Knox's signing key > ** Knox's TLS key > * Only PEM is configured: Knox will attempt verification using ONLY the > configured PEM > * Only jwks URL(s) are configured: Knox will attempt verification using ONLY > the configured jwks URL(s) > * PEM AND jwks URL(s) are configured: Knox will attempt verification using > ONLY (in order) > ** The configured PEM > ** The configured jwks URL(s). > instance-keys-fallback=true Behavior: > * Same as default behavior except that in the cases where PEM and/or jwks > URL(s) are configured and fail to verify, Knox will subsequently attempt > verification using (in order): > ** Knox's signing key > ** Knox's TLS key > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-3073) Token verification fallback to Knox keys behavior should configurable
[ https://issues.apache.org/jira/browse/KNOX-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896807#comment-17896807 ] ASF subversion and git services commented on KNOX-3073: --- Commit 7dd8b4318c8a685985b08cd2870bf212be814db2 in knox's branch refs/heads/dependabot/maven/jetty.version-9.4.56.v20240826 from Philip Zampino [ https://gitbox.apache.org/repos/asf?p=knox.git;h=7dd8b4318 ] KNOX-3073 - Token verification fallback to Knox keys behavior should configurable (#949) > Token verification fallback to Knox keys behavior should configurable > - > > Key: KNOX-3073 > URL: https://issues.apache.org/jira/browse/KNOX-3073 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Reporter: Philip Zampino >Assignee: Philip Zampino >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > KNOX-3040 > ntroduced support for multiple token verification mechanisms (i.e., PEM, > jwks) for the same topology (provider instance), falling back to Knox's own > signing and TLS keys if any of those configured should fail. > This behavior may not be expected by some, and we should provide the ability > to control the fallback to the Knox keys. > To support deployments expecting the previous behavior, there should be a > provider param for indicating that the new fall-back behavior is desired > (e.g., instance-keys-fallback=true), which defaults to false. > Default Behavior: > * Neither PEM nor jwks URL(s) is configured, attempt verification using (in > order) > ** Knox's signing key > ** Knox's TLS key > * Only PEM is configured: Knox will attempt verification using ONLY the > configured PEM > * Only jwks URL(s) are configured: Knox will attempt verification using ONLY > the configured jwks URL(s) > * PEM AND jwks URL(s) are configured: Knox will attempt verification using > ONLY (in order) > ** The configured PEM > ** The configured jwks URL(s). > instance-keys-fallback=true Behavior: > * Same as default behavior except that in the cases where PEM and/or jwks > URL(s) are configured and fail to verify, Knox will subsequently attempt > verification using (in order): > ** Knox's signing key > ** Knox's TLS key > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KNOX-3073) Token verification fallback to Knox keys behavior should configurable
[ https://issues.apache.org/jira/browse/KNOX-3073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896801#comment-17896801 ] ASF subversion and git services commented on KNOX-3073: --- Commit 7dd8b4318c8a685985b08cd2870bf212be814db2 in knox's branch refs/heads/master from Philip Zampino [ https://gitbox.apache.org/repos/asf?p=knox.git;h=7dd8b4318 ] KNOX-3073 - Token verification fallback to Knox keys behavior should configurable (#949) > Token verification fallback to Knox keys behavior should configurable > - > > Key: KNOX-3073 > URL: https://issues.apache.org/jira/browse/KNOX-3073 > Project: Apache Knox > Issue Type: Improvement > Components: Server >Reporter: Philip Zampino >Assignee: Philip Zampino >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > KNOX-3040 > ntroduced support for multiple token verification mechanisms (i.e., PEM, > jwks) for the same topology (provider instance), falling back to Knox's own > signing and TLS keys if any of those configured should fail. > This behavior may not be expected by some, and we should provide the ability > to control the fallback to the Knox keys. > To support deployments expecting the previous behavior, there should be a > provider param for indicating that the new fall-back behavior is desired > (e.g., instance-keys-fallback=true), which defaults to false. > Default Behavior: > * Neither PEM nor jwks URL(s) is configured, attempt verification using (in > order) > ** Knox's signing key > ** Knox's TLS key > * Only PEM is configured: Knox will attempt verification using ONLY the > configured PEM > * Only jwks URL(s) are configured: Knox will attempt verification using ONLY > the configured jwks URL(s) > * PEM AND jwks URL(s) are configured: Knox will attempt verification using > ONLY (in order) > ** The configured PEM > ** The configured jwks URL(s). > instance-keys-fallback=true Behavior: > * Same as default behavior except that in the cases where PEM and/or jwks > URL(s) are configured and fail to verify, Knox will subsequently attempt > verification using (in order): > ** Knox's signing key > ** Knox's TLS key > -- This message was sent by Atlassian Jira (v8.20.10#820010)