[SERVER-73495] Allow JWKS refresh to invalidate keys even on failure Created: 31/Jan/23 Updated: 29/Oct/23 Resolved: 02/Mar/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.0.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Adrian Gonzalez Montemayor |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: | Server Security |
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Security 2023-02-20, Security 2023-03-06 |
| Participants: |
| Description |
|
If forced JWKS refresh fails, any cached JWKSes are left active in memory. This preserves availability. However, administrators perform JWKS refresh to recover from IdP private key compromise. It can be important for compromised key material to be distrusted, even if we are unable to obtain fresh, valid material. We should introduce a mechanism which lets us flush JWKS even on re-acquisition failure. |
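The trade-off described above, as an added example that is not code from the ticket or from the MongoDB server: a key cache whose forced refresh either keeps the cached keys when re-acquisition fails or invalidates them. The class, enum, and function names and the sample key ID are hypothetical.

```cpp
#include <functional>
#include <map>
#include <string>
#include <utility>

// Hypothetical types for illustration; not MongoDB's own classes.
using KeySet = std::map<std::string, std::string>;  // kid -> public key material
using Fetcher = std::function<bool(KeySet& out)>;   // returns false when the IdP fetch fails
enum class OnFailure { kKeepCached, kInvalidate };

class JwksCache {
public:
    explicit JwksCache(Fetcher fetch) : _fetch(std::move(fetch)) {}

    // Returns true if fresh keys were loaded. On failure the policy decides
    // whether previously trusted keys stay usable or are dropped.
    bool refresh(OnFailure policy) {
        KeySet fresh;
        if (_fetch(fresh)) {
            _keys = std::move(fresh);
            return true;
        }
        if (policy == OnFailure::kInvalidate) {
            _keys.clear();  // fail closed: nothing validates until a fetch succeeds
        }
        return false;
    }

    // A token signed by `kid` can only be verified while that key is cached.
    bool trusts(const std::string& kid) const { return _keys.count(kid) != 0; }

private:
    Fetcher _fetch;
    KeySet _keys;
};

// Constructed scenario: "kid-old" is loaded, its private key is then compromised,
// and the IdP is unreachable when the administrator forces a refresh.
bool compromisedKeyTrustedAfterFailedRefresh(OnFailure policy) {
    bool idpReachable = true;
    JwksCache cache([&idpReachable](KeySet& out) -> bool {
        if (!idpReachable) return false;
        out["kid-old"] = "constructed-public-key";
        return true;
    });
    cache.refresh(OnFailure::kKeepCached);  // initial load succeeds
    idpReachable = false;
    cache.refresh(policy);                  // forced refresh fails
    return cache.trusts("kid-old");
}
```

With `kKeepCached` the compromised key remains trusted after the failed refresh; with `kInvalidate` it does not, at the cost of rejecting all tokens until the IdP can be reached again.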
| Comments |
| Comment by Githook User [ 02/Mar/23 ] |
|
Author: {'name': 'Adrian Gonzalez', 'email': 'adriangonzalezmontemayor@gmail.com', 'username': 'adriangzz'} Message: |