You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fleet Server should accept requests by agents authenticated using JWT tokens, as the ones emitted by #3289.
It should validate the JWT token with the following steps:
The signature of the token, using the public key.
The expiration time, if present.
The iss claim must match with the current project.
The sub claim must match with an agent ID in the .fleet-agents index, to validate that the agent is actually enrolled and not removed from the system. This helps in case of revocation.
The jti claim must match with one of the current JWT IDs in the .fleet-agents index.
Refresh tokens should not be accepted on any operation, apart on requesting new tokens as defined in #3289.
There must be settings for:
Controlling the authentication methods supported (API keys, JWT). Default to both.
Disabling validations on the .fleet-agents index, to make validation completely reliant on stateless JWT. Default to use .fleet-agents for validation.
The text was updated successfully, but these errors were encountered:
Fleet Server should accept requests by agents authenticated using JWT tokens, as the ones emitted by #3289.
It should validate the JWT token with the following steps:
issclaim must match with the current project.subclaim must match with an agent ID in the.fleet-agentsindex, to validate that the agent is actually enrolled and not removed from the system. This helps in case of revocation.jticlaim must match with one of the current JWT IDs in the.fleet-agentsindex.Refresh tokens should not be accepted on any operation, apart on requesting new tokens as defined in #3289.
There must be settings for:
.fleet-agentsindex, to make validation completely reliant on stateless JWT. Default to use.fleet-agentsfor validation.The text was updated successfully, but these errors were encountered: