Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.0.0-rc0, 7.0.9, 7.3.2
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Backport Requested:

v7.3, v7.0
Sprint:
Security 2024-03-04, Security 2024-03-18
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Since IDPConfiguration issuers are no longer guaranteed to be unique, selecting the correct IDPConfiguration registration that should apply to an OIDC authentication attempt is no longer as simple as matching the IDPConfiguration's issuer to the token's issuer claim. The server must now also match the IDPConfiguration's audience to the token's audience claim.

duplicates

SERVER-86821 Use single JWKManager for multiple IDP configurations with the same issuer

Closed

Assignee:: Erwin Pe
Reporter:: Erwin Pe
Participants:: Erwin Pe, Githook User
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Feb 14 2024 06:53:12 PM UTC
Updated:: Apr 10 2024 06:23:51 PM UTC
Resolved:: Mar 08 2024 03:04:16 PM UTC
Confidence Status Last Update:: 22/Feb/24 3:55 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates