Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.3.10.CR1, 7.3.10.GA
Affects Version/s: 7.4.0.GA
Component/s: Security
Labels:
- test_included

Blocked:
False
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Release Note Text:
undefined
Target Release:

7.3.z.GA
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/1562
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The current implementation of the cache inside the JwkManager just caches by the jwks url and it does take into account if a new kid is passed. This avoids the rotation of keys because the new key is not loaded until the current cache expires.

The idea is going to be always refreshing the jwks url if the kid is new. Just adding a new time option to avoid flooding of the endpoint (a minimum time in which consecutive requests are not allowed).

clones

JBEAP-22338 [GSS](7.4.z) ELY-2194 - JWK implementation in JwkManager does not work properly on key rotation

Verified

incorporates

ELY-2194 JWK implementation in JwkManager does not work properly on key rotation

Resolved

is incorporated by

JBEAP-22332 (7.3.z) Upgrade Elytron from 1.10.13.Final-redhat-00001 to 1.10.15.Final-redhat-00001

Closed

Assignee:: Ricardo Martin Camarero

Reporter:: Ricardo Martin Camarero

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2021/08/17 8:30 AM

Updated:: 2021/12/14 7:32 AM

Resolved:: 2021/09/24 4:05 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide