Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use Jira Cloud for all bug tracking management.

Bug 2242261

Summary: STS/OIDC. RGW Validation of a token signature may use a wrong OIDC certificate
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: daniel parkes <dparkes>
Component: RGWAssignee: Pritha Srivastava <prsrivas>
Status: CLOSED ERRATA QA Contact: Hemanth Sai <hmaheswa>
Severity: high Docs Contact: Rivka Pollack <rpollack>
Priority: unspecified    
Version: 7.1CC: ceph-eng-bugs, cephqe-warriors, mbenjamin, prsrivas, rpollack, tserlin, vereddy, vimishra
Target Milestone: ---   
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-19.2.1-114.el9cp Doc Type: Bug Fix
Doc Text:
.Ceph Object Gateway no longer fails during signature validation Previously, if the JSON Web Token (JWT) was not signed using the first x5c certification for signature validation, the signature validation fails. With this fix, the correct certificate is chosen for signature validation, even if is not the first certification. As a result, the signature validation completes as expected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2025-06-26 12:10:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2351689    

Description daniel parkes 2023-10-05 07:57:25 UTC 
Description of problem:

Working with a customer we have fallen into this known issue:

https://tracker.ceph.com/issues/54562

We have been able to work around it using the RHSSO UI:

realm settings -> keys, edit the rsa-generated provider to have priority 105 rather than 100.

Not an urgent issue, but it would be great if it could get fixed at some point.

Thanks.
Comment 1 RHEL Program Management 2023-10-05 07:57:35 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 15 errata-xmlrpc 2025-06-26 12:10:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775