You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
This feature addresses two possible problems users may encounter:
a) their Identity Provider does not expose the OpenId Connect Discovery endpoint at all, or it is missing key endpoints such as end_session_endpoint
b) the Identity Provider does not support CORS when accessing the OpenId Connect Discovery endpoint.
Describe the solution you'd like
For these 2 cases, it should be possible to configure (via rabbitmq.conf) all or some of the OpenId Connect endpoints. For instance, if the configuration has the variable auth_oauth2.issuer RabbitMQ would try to connect to the OpenId Connect Discovery endpoint to discover the other endpoints unless all the endpoints required by RabbitMQ are already set via the appropriate configuration variables. In that case, RabbitMQ would not contact the OpenId Connect Discovery endpoint.
The solution described above is what RabbitMQ oauth2 backend plugin supports for two OpenId Connect endpoints: token_endpoint and jwks_uri endpoint. However, the management plugin needs at least two more endpoints. They are authorization_endpoint and end_session_endpoint.
This feature is only for edge case scenarios as the majority of users of the management UI with OAuth 2.0 authentication rely on OpenId Connect Discovery endpoint.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
This feature addresses two possible problems users may encounter:
a) their Identity Provider does not expose the OpenId Connect Discovery endpoint at all, or it is missing key endpoints such as
end_session_endpoint
b) the Identity Provider does not support CORS when accessing the OpenId Connect Discovery endpoint.
Describe the solution you'd like
For these 2 cases, it should be possible to configure (via
rabbitmq.conf
) all or some of the OpenId Connect endpoints. For instance, if the configuration has the variableauth_oauth2.issuer
RabbitMQ would try to connect to the OpenId Connect Discovery endpoint to discover the other endpoints unless all the endpoints required by RabbitMQ are already set via the appropriate configuration variables. In that case, RabbitMQ would not contact the OpenId Connect Discovery endpoint.The solution described above is what RabbitMQ oauth2 backend plugin supports for two OpenId Connect endpoints:
token_endpoint
andjwks_uri
endpoint. However, the management plugin needs at least two more endpoints. They areauthorization_endpoint
andend_session_endpoint
.This feature is only for edge case scenarios as the majority of users of the management UI with OAuth 2.0 authentication rely on OpenId Connect Discovery endpoint.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: