lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <>
Subject [jira] [Commented] (SOLR-12666) Support multiple AuthenticationPlugin's simultaneoulsy
Date Fri, 12 Apr 2019 10:03:00 GMT


Jan Høydahl commented on SOLR-12666:

Anyone got any thoughts on this? It would greatly simplify using tooling around a protected
Solr cluster, such as
 * bin/solr 
 * Prometheus exporter
 * solrJ
 * Various monitoring tools wanting to poll /admin/metrics
 * cURL

> Support multiple AuthenticationPlugin's simultaneoulsy
> ------------------------------------------------------
>                 Key: SOLR-12666
>                 URL:
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication, security
>            Reporter: Jan Høydahl
>            Priority: Major
>              Labels: authentication
> Solr is getting support for more authentication plugins year by year, and customers have
developed their own in-house plugins as well.
> At the same time we see more and more JIRAs to add *BasicAuth* support for various clients
and use cases, such as SOLR-12584 (Solr Exporter), SOLR-9779 (Streaming expressions), SOLR-11356 (ConcurrentUpdateSolrClient), SOLR-8213 (JDBC), SOLR-12583 (Subquery
docTransformer) and SOLR-10322 (Streaming expression daemon), SOLR-12860 (metrics history), SOLR-11759 (DocExpirationUpdateProcessor),
SOLR-11959 (CDCR), SOLR-12359 (LIR) and probably more. Some of these may be bugs that
can be fixed with PKI though...
> Currently the framework supports *only one active Auth method* (except PKI which is special).
Which means that if you use something else than BasicAuth, you're lucky if you get any of
the above features to work with your cluster. -Even the AdminUI only supports BasicAuth (implicit
via browser).- Admin UI has explicit support for a few plugins only.
> I think the solution is to allow more than one auth plugin to be active at the same time,
allowing people to use their custom fancy auth which is tightly integrated with their environment,
and at the same time activate e.g. BasicAuth or JWTAuth for use with other clients that do
not support the primary auth method.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message