[management, client] Fix SSH server audience validator (#5105)

* **New Features** * SSH server JWT validation now accepts multiple audiences with backward-compatible handling of the previous single-audience setting and a guard ensuring at least one audience is configured. * **Tests** * Test suites updated and new tests added to cover multiple-audience scenarios and compatibility with existing behavior. * **Other** * Startup logging enhanced to report configured audiences for JWT auth.
2026-04-16 07:16:38 +00:00 · 2026-01-16 12:28:17 +01:00
parent 067c77e49e
commit 1ff7abe909
8 changed files with 565 additions and 371 deletions
--- a/client/ssh/proxy/proxy_test.go
+++ b/client/ssh/proxy/proxy_test.go
@@ -132,7 +132,7 @@ func TestSSHProxy_Connect(t *testing.T) {
 		HostKeyPEM: hostKey,
 		JWT: &server.JWTConfig{
 			Issuer:       issuer,
-			Audience:     audience,
+			Audiences:    []string{audience},
 			KeysLocation: jwksURL,
 		},
 	}