[IMPALA-11922] Add Startup Flag to Select TLS Certificate Verification on JWKS URL - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Impala 4.3.0
Component/s: Backend, Security
Labels:
None

Epic Color:
ghx-label-11

Description

When JWT authentication is configured and the "jwks_url" startup flag is specified, Impala is not verifying the JWKS server's TLS certificate.

https://github.com/apache/impala/blob/e17fd9a0d5428306dfa41a041a44c800824d72f6/be/src/util/jwt-util.cc#L557

Add a new startup flag that enables the user to select whether or not they wish to verify the JWKS server's TLS certificate. Default this option to verifying the certificate. This is a breaking change as current behavior skips TLS certificate verifications.

Attachments

Activity

People

Assignee:: Jason Fehr

Reporter:: Jason Fehr

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Feb/23 04:26

Updated:: 30/May/23 14:26

Resolved:: 30/May/23 14:26