Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.3.0-rc0
Affects Version/s: None
Component/s: Security
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Sprint:
Server Security 2025-07-20, Server Security 2025-08-01, Server Security 2025-08-15, Server Security 2025-08-29, Server Security 2025-09-12
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

The Server currently supports RS and PS family of JWS signing algorithms. This ticket will add ES - in particular, ES256. This signature is supported by GCP.

Implement ES256 signature verification for the server OIDC SASL mechanism.
Implement unit tests, and JS tests, to validate that valid ES256 signed tokens are accepted by the server, and that invalid ES tokens are rejected.
Manually validate this capability against GCP IdPs that provide ES256 signed tokens for workload identity federation. (see https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token as a starting point)

is blocked by

SERVER-108584 Support ES256/384 Signature verification in SSL Manager

Closed

is related to

SERVER-108915 Write JS Tests for tokens with ES256/384 signatures

Closed

1.	Support ES256/384 Signature verification in SSL Manager	SERVER-108584	Closed	Chye Lin Chee	8.3.0-rc0
2.	Write JS Tests for tokens with ES256/384 signatures	SERVER-108915	Closed	Chye Lin Chee	8.3.0-rc0
3.	Fix build failure for older OpenSSL versions	SERVER-109272	Closed	Chye Lin Chee	8.3.0-rc0

Assignee:: Chye Lin Chee
Reporter:: Adam Rayner
Participants:: Adam Rayner, Chye Lin Chee
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Jul 21 2025 03:58:14 PM UTC
Updated:: Sep 03 2025 10:53:12 PM UTC
Resolved:: Sep 03 2025 10:53:12 PM UTC

Details

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates