revert OIDC IdP CA to use RSA keys in new suites #46792

Merged
merged 1 commit into from
Sep 20, 2024


nklaassen
Contributor

I never actually updated any of our OIDC IdP code to support ECDSA, it actually just doesn't support it at all.

It also goes against the OIDC spec to not support the RS256 algorithm for id_token_signing_alg_values_supported, which we wouldn't be able to support if we didn't have an RSA key.

I've already reverted the SAML IdP as well. We'll need a different strategy to offer both RSA and ECDSA in the future.

@nklaassen nklaassen added the no-changelog Indicates that a PR does not require a changelog entry label Sep 19, 2024
@nklaassen nklaassen changed the base branch from nklaassen/default-auth-pref to master September 20, 2024 03:36

🤖 Vercel preview here: https://docs-jd681bew6-goteleport.vercel.app/docs/ver/preview

I never actually updated any of our OIDC IdP code to support ECDSA, it
actually just doesn't support it at all.

It also goes against the OIDC spec to not support the RS256 algorithm for
id_token_signing_alg_values_supported, which we wouldn't be able to
support if we didn't have an RSA key.

I've already reverted the SAML IdP as well. We'll need a different
strategy to offer both RSA and ECDSA in the future.
@nklaassen nklaassen added this pull request to the merge queue Sep 20, 2024
Merged via the queue into master with commit 5c22e05 Sep 20, 2024
39 checks passed
@nklaassen nklaassen deleted the nklaassen/revert-oidc-ca branch September 20, 2024 05:46
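
The constraint raised in the PR description can be checked from the outside on any OIDC issuer: OpenID Connect Discovery requires `RS256` in `id_token_signing_alg_values_supported`, and every asymmetric algorithm advertised there needs a key of the matching type in the JWKS. The following is an added example, not code from this PR or from Teleport; `CheckIssuer` and `ktyFor` are hypothetical names, the JSON inputs are constructed, and only the key type (`kty`) is compared, not the key material.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ktyFor maps a JWS "alg" family to its JWK "kty" (RFC 7518); HS* and "none" use no JWKS key.
var ktyFor = map[string]string{"RS": "RSA", "PS": "RSA", "ES": "EC"}

// CheckIssuer lists problems in an OIDC discovery document and its JWKS (both raw JSON).
func CheckIssuer(discovery, jwks []byte) ([]string, error) {
	var d struct {
		Algs []string `json:"id_token_signing_alg_values_supported"`
	}
	var k struct {
		Keys []struct{ Kty string `json:"kty"` } `json:"keys"`
	}
	if err := json.Unmarshal(discovery, &d); err != nil {
		return nil, fmt.Errorf("discovery: %w", err)
	}
	if err := json.Unmarshal(jwks, &k); err != nil {
		return nil, fmt.Errorf("jwks: %w", err)
	}
	have, hasRS256 := map[string]bool{}, false
	for _, key := range k.Keys {
		have[key.Kty] = true
	}
	var problems []string
	for _, alg := range d.Algs {
		hasRS256 = hasRS256 || alg == "RS256"
		// "RS256" -> "RS", "ES384" -> "ES"; unknown families map to "" and are skipped.
		kty := ktyFor[strings.TrimRight(alg, "0123456789")]
		if kty != "" && !have[kty] {
			problems = append(problems, alg+" advertised but JWKS has no "+kty+" key")
		}
	}
	if !hasRS256 {
		problems = append(problems, "RS256 missing from id_token_signing_alg_values_supported")
	}
	return problems, nil
}

func main() {
	// Constructed sample: an issuer that holds only an ECDSA key.
	fmt.Println(CheckIssuer(
		[]byte(`{"id_token_signing_alg_values_supported":["ES256"]}`),
		[]byte(`{"keys":[{"kty":"EC"}]}`)))
}
```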
Labels
no-changelog Indicates that a PR does not require a changelog entry size/sm