[jira] [Commented] (SOLR-12121) JWT Authentication plugin

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (SOLR-12121) JWT Authentication plugin

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SOLR-12121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16749862#comment-16749862 ]

ASF subversion and git services commented on SOLR-12121:
--------------------------------------------------------

Commit ea2c8ba38e32a9f1e7d11cf3687c5469bfd6414c in lucene-solr's branch refs/heads/master from Jan Høydahl
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=ea2c8ba ]

SOLR-12121: JWT Token authentication plugin with OpenID Connect implicit flow login through Admin UI


> JWT Authentication plugin
> -------------------------
>
>                 Key: SOLR-12121
>                 URL: https://issues.apache.org/jira/browse/SOLR-12121
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public)
>          Components: Authentication
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: master (9.0)
>
>         Attachments: image-2018-08-27-13-04-04-183.png
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> A new Authentication plugin that will accept a [Json Web Token|https://en.wikipedia.org/wiki/JSON_Web_Token] (JWT) in the Authorization header and validate it by checking the cryptographic signature. The plugin will not perform the authentication itself but assert that the user was authenticated by the service that issued the JWT token.
> JWT defined a number of standard claims, and user principal can be fetched from the {{sub}} (subject) claim and passed on to Solr. The plugin will always check the {{exp}} (expiry) claim and optionally enforce checks on the {{iss}} (issuer) and {{aud}} (audience) claims.
> The first version of the plugin will only support RSA signing keys and will support fetching the public key of the issuer through a [Json Web Key|https://tools.ietf.org/html/rfc7517] (JWK) file, either from a https URL or from local file.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]