Marco created SOLR-16230:
----------------------------

             Summary: JWT-Auth: Support for Keycloak-Style nested roles
                 Key: SOLR-16230
                 URL: https://issues.apache.org/jira/browse/SOLR-16230
             Project: Solr
          Issue Type: New Feature
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Authentication, Authorization
   Affects Versions: 8.11.1
         Environment: Solr 8.11 with Keycloak 16.1.1
            Reporter: Marco

The _rolesClaim_ for a JWT Token, as documented in [https://solr.apache.org/guide/8_11/jwt-authentication-plugin.html#configuration-parameters], does not support "nested roles".

That is, consider the following claim, as returned by [keycloak|https://www.keycloak.org/], if the user has the role _user_ for the client _solr_:

{quote}
"resource_access": {
  "solr": {
    "roles": [
      "user"
    ]
  },
  "account": {
    "roles": [
      "manage-account",
      "manage-account-links",
      "view-profile"
    ]
  }
}
{quote}

Here a nested roles claim would have to apply to match. Something like _rolesClaim="resource_access.solr.roles"_

This is currently not supported. I am working on a Pull Request.
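
An added example, not part of the original issue and not Solr's code: one way a dotted path such as resource_access.solr.roles could be resolved against decoded JWT claims, returning no roles when a key is missing or a value has an unexpected type. The class and method names are hypothetical, the literal-name precedence is a design choice of this example, and the claims map is constructed from the payload quoted above.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class NestedRolesClaim {

    // Hypothetical helper: resolve a dot-separated claim path against decoded
    // JWT claims. Fails closed: a missing key, a non-object on the path, or a
    // value that is not an array of strings yields an empty role set.
    static Set<String> resolveRoles(Map<String, Object> claims, String rolesClaim) {
        // Design choice of this example: a top-level claim whose literal name
        // equals the configured value wins over path traversal.
        Object node = claims.get(rolesClaim);
        if (node == null) {
            node = claims;
            for (String part : rolesClaim.split("\\.")) {
                if (!(node instanceof Map)) return Set.of();
                node = ((Map<?, ?>) node).get(part);
                if (node == null) return Set.of();
            }
        }
        if (!(node instanceof Collection)) return Set.of();
        Set<String> roles = new LinkedHashSet<>();
        for (Object role : (Collection<?>) node) {
            // Reject the whole claim rather than accept a partially valid array.
            if (!(role instanceof String)) return Set.of();
            roles.add((String) role);
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed claims mirroring the Keycloak payload quoted in the issue.
        Map<String, Object> claims = Map.of(
            "sub", "constructed-user",
            "resource_access", Map.of(
                "solr", Map.of("roles", List.of("user")),
                "account", Map.of("roles",
                    List.of("manage-account", "manage-account-links", "view-profile"))));

        System.out.println(resolveRoles(claims, "resource_access.solr.roles"));
        System.out.println(resolveRoles(claims, "resource_access.account.roles"));
        System.out.println(resolveRoles(claims, "resource_access.other.roles")); // client not in token
        System.out.println(resolveRoles(claims, "sub.roles"));                   // path crosses a string
    }
}
```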