Type: Task
Resolution: Unresolved
Priority: Major - P3
Affects Version/s: None
Component/s: None
Server Security
Server Security 2025-07-20, Server Security 2025-08-01, Server Security 2025-08-15

The server currently supports the RS and PS families of JWS signing algorithms. This ticket will add the ES family, in particular ES256. This signature algorithm is supported by GCP.

- Implement ES256 signature verification for the server OIDC SASL mechanism.
- Implement unit tests and JS tests to validate that valid ES256-signed tokens are accepted by the server and that invalid ES tokens are rejected.
- Manually validate this capability against GCP IdPs that provide ES256-signed tokens for workload identity federation (see https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token as a starting point).

- is blocked by: SERVER-108584 Support ES256/384 Signature verification in SSL Manager (In Progress)

1. Support ES256/384 Signature verification in SSL Manager | SERVER-108584 | In Progress | Chye Lin Chee
2. Write JS Tests for tokens with ES256/384 signatures | SERVER-108915 | In Progress | Chye Lin Chee
3. Fix build failure for older OpenSSL versions | SERVER-109272 | Needs Scheduling | Chye Lin Chee