ExpirationTimestamp: Whats the best way to use it, and are there new features we need to add for it ? #1359
-
|
Are there some guidelines or examples of when and how we should (and should not) use it? In general, would like to enable Pinniped in Edge scenarios, where there are potentially long disconnects from a central pinniped server. I see some related issues, like #902 .... |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Hi @jayunit100, I think you are asking about the use case where the Pinniped Supervisor is running in a central data center, and the Pinniped Concierge is running on a cluster in an "edge" data center, with a JWTAuthenticator configured on the Concierge to trust the Supervisor. Perhaps this would be the only missing feature needed. #772 Today, the only reason that the Concierge directly contacts the Supervisor is to fetch the JWKS to support ID token validation for JWTAuthenticators. If an admin could configure the JWKS value directly on the JWTAuthenticator, then there would be no need for any network requests from the Concierge to the Supervisor. |
Beta Was this translation helpful? Give feedback.
Hi @jayunit100,
I think you are asking about the use case where the Pinniped Supervisor is running in a central data center, and the Pinniped Concierge is running on a cluster in an "edge" data center, with a JWTAuthenticator configured on the Concierge to trust the Supervisor.
Perhaps this would be the only missing feature needed. #772
Today, the only reason that the Concierge directly contacts the Supervisor is to fetch the JWKS to support ID token validation for JWTAuthenticators. If an admin could configure the JWKS value directly on the JWTAuthenticator, then there would be no need for any network requests from the Concierge to the Supervisor.