You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I understand that AWX is open source software provided for free and that I might not receive a timely response.
Feature type
New Feature
Feature Summary
Logging in using OIDC is successful when RS256 is set on the IDP (keycloak in my case), but unsuccessful when PS256 or EdDSA is set.
"Use EdDSA where possible and use ECDSA when it is not. If you are forced to use RSA, prefer RSASSA-PSS [PS256] over RSASSA-PKCS1-v1_5 [RS256]" (quoted from “JWTs: Which Signing Algorithm Should I Use?”).
Select the relevant components
UI
API
Docs
Collection
CLI
Other
Steps to reproduce
Set PS256 or EdDSA as the signature algorithm on the IDP side such as keycloak
configure OIDC settings on AWX pointing to that IDP
login with OIDC
Current results
Login is unsuccessful
Sugested feature result
stronger security
Additional information
OpenBanking has already made the transition to PS256 since 03/2019
Australian infosec has a requirement for PS256 since 2019
The text was updated successfully, but these errors were encountered:
Please confirm the following
Feature type
New Feature
Feature Summary
Logging in using OIDC is successful when RS256 is set on the IDP (keycloak in my case), but unsuccessful when PS256 or EdDSA is set.
"Use EdDSA where possible and use ECDSA when it is not. If you are forced to use RSA, prefer RSASSA-PSS [PS256] over RSASSA-PKCS1-v1_5 [RS256]" (quoted from “JWTs: Which Signing Algorithm Should I Use?”).
Select the relevant components
Steps to reproduce
Current results
Login is unsuccessful
Sugested feature result
stronger security
Additional information
The text was updated successfully, but these errors were encountered: