<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 06:40:50 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-79384] Allow startup with unavailable Issuer URI</title>
                <link>https://jira.mongodb.org/browse/SERVER-79384</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;If the Issuer URI is invalid or unable to be resolved, the Server will fail to startup. However, during initial setup of a cluster, this can be confusing because the administrator might be attempting to configure many different things at once and attempting to debug them in parallel. These administrators want their servers to start.&lt;/p&gt;

&lt;p&gt;We should &lt;b&gt;try&lt;/b&gt; to eagerly fetch a JWKS for all provisioned IdPs at startup. However, if we are unable to acquire the JWKS, we should emit an error message and continue startup. When a misconfigured IdP is used, the server should issue a fresh Just-In-Time attempt to acquire its keys. If the configuration becomes valid, we may cache its keys normally. Otherwise, we should issue a warning on each authentication attempt which fails due to invalid discovery metadata.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2401829">SERVER-79384</key>
            <summary>Allow startup with unavailable Issuer URI</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="varun.ravichandran@mongodb.com">Varun Ravichandran</assignee>
                                    <reporter username="spencer.jackson@mongodb.com">Spencer Jackson</reporter>
                        <labels>
                    </labels>
                <created>Wed, 26 Jul 2023 18:59:56 +0000</created>
                <updated>Sun, 29 Oct 2023 21:18:23 +0000</updated>
                            <resolved>Thu, 12 Oct 2023 01:03:50 +0000</resolved>
                                                    <fixVersion>7.1.1</fixVersion>
                    <fixVersion>7.2.0-rc0</fixVersion>
                    <fixVersion>7.0.3</fixVersion>
                                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="5784906" author="xgen-internal-githook" created="Tue, 17 Oct 2023 14:51:32 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-79384&quot; title=&quot;Allow startup with unavailable Issuer URI&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-79384&quot;&gt;&lt;del&gt;SERVER-79384&lt;/del&gt;&lt;/a&gt;: Allow server to startup with unresponsive OIDC issuer discovery or JWKS endpoints&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 39cb2c5db067a475710eb5fbec79b5d8f4849920)&lt;br/&gt;
(cherry picked from commit 43524bbb3d87738599678f1a6f1f1d753a64f101)&lt;br/&gt;
Branch: v7.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/901270a7a867f1874cdf9eade64bced18e25a1e8&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/901270a7a867f1874cdf9eade64bced18e25a1e8&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5784587" author="xgen-internal-githook" created="Tue, 17 Oct 2023 13:51:38 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-79384&quot; title=&quot;Allow startup with unavailable Issuer URI&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-79384&quot;&gt;&lt;del&gt;SERVER-79384&lt;/del&gt;&lt;/a&gt;: Allow server to startup with unresponsive OIDC issuer discovery or JWKS endpoints&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 39cb2c5db067a475710eb5fbec79b5d8f4849920)&lt;br/&gt;
Branch: v7.1&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/43524bbb3d87738599678f1a6f1f1d753a64f101&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/43524bbb3d87738599678f1a6f1f1d753a64f101&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5772211" author="xgen-internal-githook" created="Thu, 12 Oct 2023 00:38:29 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Varun Ravichandran&apos;, &apos;email&apos;: &apos;varun.ravichandran@mongodb.com&apos;, &apos;username&apos;: &apos;varunravi98&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-79384&quot; title=&quot;Allow startup with unavailable Issuer URI&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-79384&quot;&gt;&lt;del&gt;SERVER-79384&lt;/del&gt;&lt;/a&gt;: Allow server to startup with unresponsive OIDC issuer discovery or JWKS endpoints&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/39cb2c5db067a475710eb5fbec79b5d8f4849920&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/39cb2c5db067a475710eb5fbec79b5d8f4849920&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5745975" author="varun.ravichandran" created="Mon, 2 Oct 2023 17:09:06 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=fuat.ertunc%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;fuat.ertunc@mongodb.com&quot;&gt;fuat.ertunc@mongodb.com&lt;/a&gt; Yes, unfortunately I started on this too late to make the 7.0.2 cutoff and this change has a slightly larger surface area than I originally anticipated. I&apos;m also trying to ensure that we have adequate testing so that the new behavior is well-defined. 7.0.3 is certainly doable and it&apos;s currently my top priority.&lt;/p&gt;</comment>
                            <comment id="5744876" author="JIRAUSER1260017" created="Mon, 2 Oct 2023 12:05:07 +0000"  >&lt;p&gt;Hey team - just saw 7.0.2 announcement today, I think we missed it. Do you think we can have it with 7.0.3?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                                                <inwardlinks description="is documented by">
                                        <issuelink>
            <issuekey id="2472317">DOCS-16434</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25129"><![CDATA[Server Security]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="26243"><![CDATA[v7.1]]></customfieldvalue>
    <customfieldvalue key="25578"><![CDATA[v7.0]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 24 Aug 2023 17:19:50 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        16 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Previously, the server would fail to start up if provided with any OIDC identity providers whose OIDC discovery document or JWKS endpoint were unreachable. After this change, the server now starts up normally but logs a warning if it was unable to retrieve the JWKs for any configured identity provider. If a client later attempts to authenticate by presenting an access token issued by an identity provider the server couldn&amp;#39;t retrieve keys for, the server makes another just-in-time attempt to refresh keys and logs another warning and fails authentication if key retrieval fails again. If the OIDC discovery endpoint and the JWKS endpoint come back online, then authentication will proceed normally.&lt;br/&gt;
&lt;br/&gt;
Note that we are aiming to backport this change to 7.1.1 and 7.0.3, so all versions of the server supporting OIDC will eventually have this behavior. This is simply a behavioral change from 7.0.2 -&amp;gt; 7.0.3/7.1.1, and 7.1.0 -&amp;gt; 7.1.1/7.2.0. </customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16942"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            16 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>fuat.ertunc@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>spencer.jackson@mongodb.com</customfieldvalue>
            <customfieldvalue>varun.ravichandran@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i2jml3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i21qso:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_22250" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Special Downgrade Instructions Required</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="23343"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="7703">Security 2023-09-18</customfieldvalue>
    <customfieldvalue id="7704">Security 2023-10-02</customfieldvalue>
    <customfieldvalue id="7705">Security 2023-10-16</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_17051" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Teams Impacted</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16943"><![CDATA[Cloud]]></customfieldvalue>
    <customfieldvalue key="16944"><![CDATA[Docs]]></customfieldvalue>
    <customfieldvalue key="16946"><![CDATA[Triage and Release]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i2j8qf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>