-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fail early when rp.client_secret is missing in OIDC realm #42256
Conversation
client_secret is a required secure setting. Make sure we fail with a SettingsException and a clear, actionable message when bulding the realm, if the setting is missing.
Pinging @elastic/es-security |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@elasticmachine run elasticsearch-ci/1 elasticsearch-ci/bwc elasticsearch-ci/default-distro |
@elasticmachine run elasticsearch-ci/bwc |
@elasticmachine run elasticsearch-ci/default-distro |
|
@elasticmachine run elasticsearch-ci/packaging-sample |
@@ -52,8 +53,11 @@ protected Settings nodeSettings(int nodeOrdinal) { | |||
final Path jwkSet = createTempFile("jwkset", "json"); | |||
OpenIdConnectTestCase.writeJwkSetToFile(jwkSet); | |||
|
|||
MockSecureSettings mockSecureSettings = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This fails because the truststore password is missing, but I can't figure out why. I'll check again my morning, but @tvernum if you have any ideas - I'm all ears
rp.client_secret is a required secure setting. Make sure we fail with a SettingsException and a clear, actionable message when building the realm, if the setting is missing.
client_secret is a required secure setting. Make sure we fail with
a SettingsException and a clear, actionable message when building
the realm, if the setting is missing.