Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 1966849

Summary: rgw/sts: OIDC JWT validation does not use modulus and exponent for token validation. Add support for the same.
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Pritha Srivastava <prsrivas>
Component: RGWAssignee: Pritha Srivastava <prsrivas>
Status: CLOSED ERRATA QA Contact: Tejas <tchandra>
Severity: low Docs Contact:
Priority: medium    
Version: 4.2CC: cbodley, ceph-eng-bugs, ceph-qe-bugs, dparkes, gsitlani, kbader, mbenjamin, sweil, tserlin, vimishra
Target Milestone: ---   
Target Release: 4.2z3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-14.2.11-187.el8cp, ceph-14.2.11-187.el7cp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2006178 (view as bug list) Environment:
Last Closed: 2021-09-27 18:26:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2006178    

Description Pritha Srivastava 2021-06-02 03:52:28 UTC 
Description of problem:

OIDC JWT validation does not use modulus and exponent for token validation in the incoming JSON Web Key Set.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create an OIDC provider in RGW with the Url of an OIDC Provider
2. Use an Access Token generated by the IDP to invoke AssumeRoleWithWebIdentity, with modulus and exponent set in JWKS (and not x5c)


Actual results:
The token is not validated

Expected results:
The token should be validated using the parameters in JWKS.

Additional info:
Comment 1 RHEL Program Management 2021-06-02 03:52:36 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 13 errata-xmlrpc 2021-09-27 18:26:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 4.2 Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3670