Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT signer secondary auth: not enough information to continue #2478

Closed
ekoby opened this issue Oct 11, 2024 · 1 comment
Closed

JWT signer secondary auth: not enough information to continue #2478

ekoby opened this issue Oct 11, 2024 · 1 comment
Assignees
@andrewpmartinez
Labels
bug Something isn't working

Comments

@ekoby
Copy link
Member

ekoby commented Oct 11, 2024
edited
Loading

if I set up an auth policy with JWT signer as secondary auth and authenticate with key/cert I get an api session (irrelevant field removed):

  "authQueries": [
    {
      "provider": "url",
      "typeId": "EXT-JWT"
    }
  ],
  "identityId": "JTR.7wXlT",

  "isMfaComplete": false,
  "isMfaRequired": false
}
  1. authQueries does not give enough information to start OIDC authentication (url, clientId, claim, audience are needed)
    maybe external signer id/name would be enough to do a lookup
  2. should isMfaRequired be set? I think that's the case with TOTP secondary
@andrewpmartinez
Copy link
Member

This was confirmed to be an issue in legacy authentication.

@andrewpmartinez andrewpmartinez self-assigned this Oct 11, 2024
@andrewpmartinez andrewpmartinez added the bug Something isn't working label Oct 11, 2024
@qrkourier qrkourier mentioned this issue Oct 11, 2024
Merged
@andrewpmartinez andrewpmartinez moved this from In Progress to In Review in Security/IdP Features & Capabilities Oct 15, 2024
andrewpmartinez added a commit that referenced this issue Oct 15, 2024
@andrewpmartinez
Merge pull request #2479 from openziti/fix.2478.legacy.auth.quers.ext…
37f6788 
….jwt.missing.values

fixes #2478 legacy auth queries missing values
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewpmartinez andrewpmartinez

Labels
bug Something isn't working
Projects
Security/IdP Features & Capabilities
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewpmartinez @ekoby