[
https://issues.apache.org/jira/browse/SOLR-15423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mayya Sharipova updated SOLR-15423:
-----------------------------------
Security: (was: Public)
> JWTAuthPlugin support for custom truststore
> -------------------------------------------
>
> Key: SOLR-15423
> URL: https://issues.apache.org/jira/browse/SOLR-15423
> Project: Solr
> Issue Type: Improvement
> Components: security
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Fix For: main (9.0)
>
> Attachments: jwt-refguide.png
>
> Time Spent: 4h 40m
> Remaining Estimate: 0h
>
> The JWT plugin performs outbound HTTPS traffic to Identity Provider (IdP) to
> fetch signing keys. If that IdP has a custom SSL certificate not signed by
> any of the root certs shipping with Java, then we need to add its certificate
> to Jetty/Java's TrustStore to tell Solr that it should trust the self-signed
> cert of the IdP.
> In the k8s world it is quite common to terminate SSL in a mesh network
> outside applications or in the ingress controller. This won't work with the
> use case discussed above, since Jetty's TrustStore is not enabled at all when
> Solr is running in non-SSL mode.
> The proposal is to let JWT manage its own TrustStore by configuration.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
