2346769 – Support N+E Signature Checking in AssumeRoleWithWebIdentity

Bug 2346769 - Support N+E Signature Checking in AssumeRoleWithWebIdentity

Summary: Support N+E Signature Checking in AssumeRoleWithWebIdentity

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	8.1
Assignee:	Pritha Srivastava
QA Contact:	Anuchaithra
Docs Contact:	Rivka Pollack
URL:
Whiteboard:
Depends On:
Blocks:	2359403 2351689
TreeView+	depends on / blocked

Reported:	2025-02-20 06:58 UTC by Pritha Srivastava
Modified:	2025-10-25 04:25 UTC (History)
CC List:	6 users (show)
Fixed In Version:	ceph-19.2.1-3.el9cp
Doc Type:	Enhancement
Doc Text:	.AssumeRoleWithIdentity now supports validating JWT signatures Previously, AssumeRoleWithWebIdenity supported JSON Web Token (JWT) signature validation using only x5c. With this enhancement, AssumeRoleWithIdentity validates JWT signatures by using a JSON Web Key (JWK) with modulus and exponent (n+e). As a result, an OpenID Connect (OIDC) IdP issuing JWK with n+e can now integrate with Ceph Object Gateway.
Clone Of:
Clones:	2359403 (view as bug list)
Environment:
Last Closed:	2025-06-26 12:26:11 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-10650	0	None	None	None	2025-02-20 06:59:40 UTC
Red Hat Product Errata	RHSA-2025:9775	0	None	None	None	2025-06-26 12:26:22 UTC

Description Pritha Srivastava 2025-02-20 06:58:40 UTC

Description of problem:
N+E Signature Checking not supported while verifying JWT during AssumeRoleWithWebIdentity

Version-Release number of selected component (if applicable):


How reproducible:Always


Steps to Reproduce:
1.Pass a JWT in AssumeRoleWithWebIdentity with no x5c keys and with N+E keys
2.
3.

Actual results:Fails with Access Denied


Expected results:Must pass


Additional info:

Comment 7 errata-xmlrpc 2025-06-26 12:26:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775

Comment 8 Red Hat Bugzilla 2025-10-25 04:25:33 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.