Rework Keycloak auth token validation with auth server public key
Bug #1857871 reported by
Renat Akhmerov
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mistral |
Fix Released
|
High
|
Renat Akhmerov | ||
Bug Description
Currently, when Mistral is configured with to authenticate requests with Keycloak, every time when an HTTP request arrives Mistral extracts an access token from the 'X-Auth-Token' header and sends a request to Keycloak to check if it's valid. However, Mistral can validate it w/o sending a request. It's possible to validate a token on the Mistral side using Keycloak public key.
For more information read this article: https:/
| Changed in mistral: | |
| milestone: | none → ussuri-2 |
| assignee: | nobody → Renat Akhmerov (rakhmerov) |
| importance: | Undecided → High |
| status: | New → Confirmed |
| Changed in mistral: | |
| status: | Confirmed → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to mistral (master) | #1 |
| Changed in mistral: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/mistral 10.0.0.0b2 | #2 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: master
commit c888a46ccc46346
Author: Renat Akhmerov <email address hidden>
Date: Fri Dec 27 16:20:19 2019 +0700
Fix keycloak authentication
* Implement offline access token validation using Keycloak public key.
Closes-bug: #1857871
Change-Id: I0eecec4b4e6438