Core Server / SERVER-79384

Allow startup with unavailable Issuer URI

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 7.1.1, 7.2.0-rc0, 7.0.3
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Server Security
    • Fully Compatible
    • v7.1, v7.0
    • Security 2023-09-18, Security 2023-10-02, Security 2023-10-16

      If the Issuer URI is invalid or cannot be resolved, the Server will fail to start up. However, during initial setup of a cluster, this can be confusing because the administrator might be attempting to configure many different things at once and attempting to debug them in parallel. These administrators want their servers to start.

      We should try to eagerly fetch a JWKS for all provisioned IdPs at startup. However, if we are unable to acquire the JWKS, we should emit an error message and continue startup. When a misconfigured IdP is used, the server should issue a fresh Just-In-Time attempt to acquire its keys. If the configuration becomes valid, we may cache its keys normally. Otherwise, we should issue a warning on each authentication attempt which fails due to invalid discovery metadata.

            varun.ravichandran@mongodb.com Varun Ravichandran
            spencer.jackson@mongodb.com Spencer Jackson
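
The startup and just-in-time behaviour described in this ticket, sketched as an added Python example (not MongoDB's server code). `IssuerKeyCache`, `JWKSFetchError`, `fake_fetch`, the `REACHABLE` table and the `.example` issuer URIs are hypothetical; rejecting issuers that were never provisioned is an assumption of the example.

```python
import logging
from typing import Callable, Dict, List, Optional

log = logging.getLogger("jwks_startup_example")

class JWKSFetchError(Exception):
    """Discovery metadata or JWKS for an issuer could not be retrieved."""

class IssuerKeyCache:
    """JWKS cache for provisioned issuers that tolerates fetch failures at startup."""

    def __init__(self, issuers: List[str], fetch: Callable[[str], dict]):
        self._fetch = fetch
        # None means "no keys cached yet" for that issuer.
        self._keys: Dict[str, Optional[dict]] = {iss: None for iss in issuers}

    def startup(self) -> List[str]:
        """Eagerly fetch each issuer's JWKS; log an error and continue on failure."""
        failed = []
        for iss in self._keys:
            try:
                self._keys[iss] = self._fetch(iss)
            except JWKSFetchError as exc:
                log.error("startup JWKS fetch failed for %s: %s", iss, exc)
                failed.append(iss)
        return failed  # the caller proceeds with startup regardless

    def keys_for_auth(self, iss: str) -> Optional[dict]:
        """Keys to verify a token from `iss`, or None (authentication must fail)."""
        if iss not in self._keys:  # assumption: only provisioned issuers are fetched
            return None
        if self._keys[iss] is None:  # nothing cached: fresh just-in-time attempt
            try:
                self._keys[iss] = self._fetch(iss)  # success is cached normally
            except JWKSFetchError as exc:
                log.warning("auth failed, cannot load keys for %s: %s", iss, exc)
                return None  # fail closed; the next attempt retries
        return self._keys[iss]

# Constructed stand-in for the network: issuer URI -> JWKS; absent means unreachable.
REACHABLE: Dict[str, dict] = {"https://idp-a.example": {"keys": [{"kid": "a1"}]}}

def fake_fetch(iss: str) -> dict:
    """Constructed fetcher that fails the way an unresolvable Issuer URI would."""
    if iss not in REACHABLE:
        raise JWKSFetchError("issuer URI could not be resolved")
    return REACHABLE[iss]
```

An issuer whose keys never load keeps failing authentication with a warning each time, so the relaxed startup does not turn into accepting unverified tokens.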