[SOLR-16230] JWT-Auth: Support for Keycloak-Style nested roles - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 8.11.1
Fix Version/s: 9.1
Component/s: Authentication, Authorization
Labels:
None
Environment:

Solr 8.11 with Keycloak 16.1.1

Description

The rolesClaim for a JWT Token, as documented in https://solr.apache.org/guide/8_11/jwt-authentication-plugin.html#configuration-parameters, does not support "nested roles".

That is, consider the following claim, as returned by [keycloak|https://www.keycloak.org/] if the user has the role user for the client solr:

"resource_access": {
"solr": {
"roles": [
"user"
]
},
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]

}

Here a nested roles claim would have to apply to match. Something like rolesClaim="resource_access.solr.roles"

This is currently not supported. I am working on a Pull Request.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

image-2022-06-08-09-28-22-021.png
08/Jun/22 07:28
67 kB
Marco
image-2022-06-07-15-05-08-010.png
07/Jun/22 13:05
291 kB
Marco

Issue Links

links to

GitHub Pull Request #890

Activity

People

Assignee:: Jan Høydahl

Reporter:: Marco

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 02/Jun/22 13:26

Updated:: 10/Jan/23 20:45

Resolved:: 14/Sep/22 20:26

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: