[ https://issues.apache.org/jira/browse/SOLR-16230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marco updated SOLR-16230: ------------------------- Attachment: image-2022-06-08-09-28-22-021.png > JWT-Auth: Support for Keycloak-Style nested roles > ------------------------------------------------- > > Key: SOLR-16230 > URL: https://issues.apache.org/jira/browse/SOLR-16230 > Project: Solr > Issue Type: New Feature > Security Level: Public(Default Security Level. Issues are Public) > Components: Authentication, Authorization > Affects Versions: 8.11.1 > Environment: Solr 8.11 with Keycloak 16.1.1 > Reporter: Marco > Assignee: Jan Høydahl > Priority: Major > Attachments: image-2022-06-07-15-05-08-010.png, > image-2022-06-08-09-28-22-021.png > > Time Spent: 40m > Remaining Estimate: 0h > > The _rolesClaim_ for a JWT Token, as documented in > [https://solr.apache.org/guide/8_11/jwt-authentication-plugin.html#configuration-parameters,] > does not support "nested roles". > That is, consider the following claim, as returned by > [keycloak|[https://www.keycloak.org/]] if the user has the role _user_ for > the client {_}solr{_}: > {{"resource_access": {}} > {{ "solr": {}} > {{ "roles": [}} > {{ "user"}} > {{ ]}} > {{ },}} > {{ "account": {}} > {{ "roles": [}} > {{ "manage-account",}} > {{ "manage-account-links",}} > {{ "view-profile"}} > {{ ]}} > } > > Here a nested roles claim would have to apply to match. Something like > _rolesClaim="resource_access.solr.roles"_ > This is currently not supported. I am working on a Pull Request. -- This message was sent by Atlassian Jira (v8.20.7#820007) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org