This is a breaking change. All existing policies must be updated to insert the local issuer.
This patch adds support in the authenticator for trusting tokens issued
by third-party A3S instances. You can configure a list of trusted
issuers by using the flag --jwt-trusted-issuer (array) where you can
give either the url of the issuer as 'http://other.com' or a '@'
separated string to give the path the the CA to trust for the issuer.
The API authorization policies now have a new TrustedIssuers field that
allows to set a list of trusted issuer to which the policy should apply.
By default (empty) the local issuer of the current A3S instance will be
automatically added.
This patch adds support in the authenticator for trusting tokens issued by third-party A3S instances. You can configure a list of trusted issuers by using the flag --jwt-trusted-issuer (array) where you can give either the url of the issuer as 'http://other.com' or a '@' separated string to give the path the the CA to trust for the issuer.
For instance:
The API authorization policies now have a new TrustedIssuers field that allows to set a list of trusted issuer to which the policy should apply. By default (empty) the local issuer of the current A3S instance will be automatically added.