honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/x-pack/plugin/security
History
Ioannis Kakavas 7cabe8acc9 Fix refresh remote JWKS logic (#42662) 
This change ensures that:

- We only attempt to refresh the remote JWKS when there is a
signature related error only ( BadJWSException instead of the
geric BadJOSEException )
- We do call OpenIDConnectAuthenticator#getUserClaims upon
successful refresh.
- We test this in OpenIdConnectAuthenticatorTests.

Without this fix, when using the OpenID Connect realm with a remote
JWKSet configured in `op.jwks_path`, the refresh would be triggered
for most configuration errors ( i.e. wrong value for `op.issuer` )
and the kibana wouldn't get a response and timeout since
`getUserClaims` wouldn't be called because
`ReloadableJWKSource#reloadAsync` wouldn't call `onResponse` on the
future.
 		2019-05-30 18:08:30 +03:00
..
cli Simplify filtering addresses on interfaces (#41758) 2019-05-02 16:36:27 -04:00
forbidden Add an OpenID Connect authentication realm (#40674) (#41178) 2019-04-15 12:41:16 +03:00
licenses Add an OpenID Connect authentication realm (#40674) (#41178) 2019-04-15 12:41:16 +03:00
qa Add cluster restart for security on basic (#42217) 2019-05-22 14:27:45 +10:00
src Fix refresh remote JWKS logic (#42662) 2019-05-30 18:08:30 +03:00
build.gradle Switch run task to use real distro (#41590) 2019-05-06 12:34:07 -07:00