Bug 2346769

Summary: Support N+E Signature Checking in AssumeRoleWithWebIdentity
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Pritha Srivastava <prsrivas>
Component: RGWAssignee: Pritha Srivastava <prsrivas>
Status: VERIFIED --- QA Contact: Anuchaithra <anrao>
Severity: medium Docs Contact: Rivka Pollack <rpollack>
Priority: unspecified    
Version: 8.0CC: anrao, ceph-eng-bugs, cephqe-warriors, mbenjamin, rpollack, tserlin
Target Milestone: ---Flags: mbenjamin: needinfo? (prsrivas)
mbenjamin: needinfo? (prsrivas)
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-19.2.1-3.el9cp Doc Type: Enhancement
Doc Text:
.AssumeRoleWithIdentity now supports validating JWT signatures Previously, AssumeRoleWithWebIdenity supported JSON Web Token (JWT) signature validation using only x5c. With this enhancement, AssumeRoleWithIdentity validates JWT signatures by using a JSON Web Key (JWK) with modulus and exponent (n+e). As a result, an OpenID Connect (OIDC) IdP issuing JWK with n+e can now integrate with Ceph Object Gateway.
 Story Points: ---
Clone Of:
: 2359403 (view as bug list) Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2351689, 2359403    

Description Pritha Srivastava 2025-02-20 06:58:40 UTC 
Description of problem:
N+E Signature Checking not supported while verifying JWT during AssumeRoleWithWebIdentity

Version-Release number of selected component (if applicable):


How reproducible:Always


Steps to Reproduce:
1.Pass a JWT in AssumeRoleWithWebIdentity with no x5c keys and with N+E keys
2.
3.

Actual results:Fails with Access Denied


Expected results:Must pass


Additional info: