Description:
In APIM v4, we have the following configuration, and using it we can change the JWKS endpoint. Basically, we can provide a private URL to the gateways for calling the JWKS endpoint.
[apim.key_manager]
service_url = "https://wso2apim:9443/services/"
Looks like in APIM v4.1.0, we can't change that anymore due to a recent fix. This is an issue in container deployments, as it cannot route to the external-facing endpoint (LB endpoint/Ingress). All the QSGs related to container deployment will fail and we have to ask the user to manually change the JWKS endpoint. I guess this is not a good approach for QSGs.
Had a chat with Tharindu, and a possible option is to introduce a config which basically gives the permission to override the well-known URLs or not.
Steps to reproduce:
Affected Product Version:
Environment details (with versions):
- OS:
- Client:
- Env (Docker/K8s):
Optional Fields
Related Issues:
Suggested Labels:
Suggested Assignees: