Bug 2346769 - Support N+E Signature Checking in AssumeRoleWithWebIdentity [NEEDINFO]
Summary: Support N+E Signature Checking in AssumeRoleWithWebIdentity
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: RGW
Version: 8.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: ---
Target Release: 8.1
Assignee: Pritha Srivastava
QA Contact: Anuchaithra
Docs Contact: Rivka Pollack
URL:
Whiteboard:
Depends On:
Blocks: 2351689 2359403
Reported: 2025-02-20 06:58 UTC by Pritha Srivastava
Modified: 2025-06-04 17:15 UTC

Fixed In Version: ceph-19.2.1-3.el9cp
Doc Type: Enhancement
Doc Text:
.AssumeRoleWithWebIdentity now supports validating JWT signatures
Previously, AssumeRoleWithWebIdentity supported JSON Web Token (JWT) signature validation using only x5c. With this enhancement, AssumeRoleWithWebIdentity validates JWT signatures by using a JSON Web Key (JWK) with modulus and exponent (n+e). As a result, an OpenID Connect (OIDC) IdP that issues JWKs with n+e can now integrate with Ceph Object Gateway.
Clone Of:
Clones: 2359403
Environment:
Last Closed:
Embargoed:
mbenjamin: needinfo? (prsrivas)
mbenjamin: needinfo? (prsrivas)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHCEPH-10650 0 None None None 2025-02-20 06:59:40 UTC

Description Pritha Srivastava 2025-02-20 06:58:40 UTC
Description of problem:
N+E Signature Checking not supported while verifying JWT during AssumeRoleWithWebIdentity

Version-Release number of selected component (if applicable):


How reproducible: Always


Steps to Reproduce:
1. Pass a JWT in AssumeRoleWithWebIdentity with no x5c keys and with N+E keys

Actual results: Fails with Access Denied


Expected results: Must pass


Additional info:


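The n+e check this bug asks for, sketched as an added example (not Ceph RGW code and not part of the original report): an RS256 JWT is verified against a JWK that carries only the modulus and exponent, and a JWKS entry without n+e is skipped. The function names, the `kid` matching, and the demo key built from two Mersenne primes are assumptions made for illustration.

```python
import base64, hashlib, json

# DigestInfo DER prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_sha256(msg, k):  # EMSA-PKCS1-v1_5 block for a k-byte modulus
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token, jwks):
    """Return the claims if token verifies against an n+e RSA JWK, else None."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64u_decode(h64)), b64u_decode(s64)
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return None  # reject "none", HS256 and anything else
    for jwk in jwks["keys"]:
        if jwk.get("kty") != "RSA" or jwk.get("kid") != header.get("kid"):
            continue
        if "n" not in jwk or "e" not in jwk:
            continue  # entry carries no modulus/exponent (for example x5c only)
        n, e = (int.from_bytes(b64u_decode(jwk[x]), "big") for x in "ne")
        k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
        if len(sig) != k or s >= n:
            continue
        em = pow(s, e, n).to_bytes(k, "big")
        # Compare the whole encoded block instead of parsing the padding.
        if em == emsa_pkcs1_sha256(f"{h64}.{p64}".encode(), k):
            return json.loads(b64u_decode(p64))
    return None

# Constructed demo key, NOT secure: two Mersenne primes, only to sign the sample.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D, K = P * Q, pow(E, -1, (P - 1) * (Q - 1)), 141  # K: modulus length in bytes
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-key", "e": "AQAB",
                  "n": b64u_encode(N.to_bytes(K, "big"))}]}

def sign_demo(claims, kid="demo-key"):
    signed = ".".join(b64u_encode(json.dumps(x).encode())
                      for x in ({"alg": "RS256", "kid": kid}, claims))
    m = int.from_bytes(emsa_pkcs1_sha256(signed.encode(), K), "big")
    return signed + "." + b64u_encode(pow(m, D, N).to_bytes(K, "big"))
```

This covers the signature step only; issuer, audience and expiry checks on the returned claims are still required, and a deployment would use a maintained JWT library rather than hand-rolled RSA.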