[jira] [Commented] (SOLR-13734) JWTAuthPlugin to support multiple issuers

Tue, 17 Sep 2019 01:55:09 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-13734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16931204#comment-16931204
 ] 

Jan Høydahl commented on SOLR-13734:
------------------------------------

I spun out 'requireSub' param removal into its own issue SOLR-13768, meaning 
everything in this PR can go to master and branch_8x.

My current plan is to merge on Thursday.

> JWTAuthPlugin to support multiple issuers
> -----------------------------------------
>
>                 Key: SOLR-13734
>                 URL: https://issues.apache.org/jira/browse/SOLR-13734
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>              Labels: JWT, authentication, pull-request-available
>             Fix For: 8.3
>
>         Attachments: jwt-authentication-plugin.html
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> In some large enterprise environments, there is more than one [Identity 
> Provider|https://en.wikipedia.org/wiki/Identity_provider] to issue tokens for 
> users. The equivalent example from the public internet is logging in to a 
> website and choose between multiple pre-defined IdPs (such as Google, GitHub, 
> Facebook etc) in the Oauth2/OIDC flow.
> In the enterprise the IdPs could be public ones but most likely they will be 
> private IdPs in various networks inside the enterprise. Users will interact 
> with a search application, e.g. one providing enterprise wide search, and 
> will authenticate with one out of several IdPs depending on their local 
> affiliation. The search app will then request an access token (JWT) for the 
> user and issue requests to Solr using that token.
> The JWT plugin currently supports exactly one IdP. This JIRA will extend 
> support for multiple IdPs for access token validation only. To limit the 
> scope of this Jira, Admin UI login must still happen to the "primary" IdP. 
> Supporting multiple IdPs for Admin UI login can be done in followup issues.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to