Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-22339

[GSS](7.3.z) ELY-2194 - JWK implementation in JwkManager does not work properly on key rotation


      The current implementation of the cache inside the JwkManager just caches by the jwks url and it does take into account if a new kid is passed. This avoids the rotation of keys because the new key is not loaded until the current cache expires.

      The idea is going to be always refreshing the jwks url if the kid is new. Just adding a new time option to avoid flooding of the endpoint (a minimum time in which consecutive requests are not allowed).

            rhn-support-rmartinc Ricardo Martin Camarero
            rhn-support-rmartinc Ricardo Martin Camarero
            0 Vote for this issue
            4 Start watching this issue