lucene-solr-user mailing list archives

From Jason Gerlowski <gerlowsk...@gmail.com>
Subject Re: Facing jwt authentication problem using solr 8.1.1
Date Tue, 17 Dec 2019 15:42:10 GMT
Hey Jan,

Is this a case of something that'd be fixed by
https://issues.apache.org/jira/browse/SOLR-13071 ?

Just wondering

Best,
Jason

On Thu, Dec 12, 2019 at 5:43 PM Jan Høydahl <jan.asf@cominvent.com> wrote:
>
> Try something like this https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7
>
> The trick is to «whitelist» certain paths that will not require auth, but then further down add rules to block all other paths either as admin role or with special role «*» which means «any authenticated user».
>
> Jan
>
> > On 12 Dec 2019 at 07:47, Lakhan Gupta <Lakhan.Gupta@infogain.com.INVALID> wrote:
> >
> > Hi,
> >
> > I am using Solr version 8.1.1 and facing a problem while enabling JWT authentication in Solr. JWT authentication is working fine after configuring the security.json file. Below is the configuration I am using to enable JWT authentication.
> >
> > Security.json
> >
> > {
> >   "authentication": {
> >     "blockUnknown": false,
> >     "class": "solr.JWTAuthPlugin",
> >     "jwk": {
> >       "kty": "oct",
> >       "use": "sig",
> >       "kid": "k1",
> >       "k": "7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",
> >       "alg": "HS256"
> >     },
> >     "aud": "solr"
> >   },
> >   "authorization": {
> >     "class": "solr.RuleBasedAuthorizationPlugin",
> >     "permissions": [
> >       {
> >         "name": "all",
> >         "path": "/*",
> >         "role": "admin"
> >       }
> >     ],
> >     "user-role": {
> >       "solr": "admin"
> >     }
> >   }
> > }
> >
> > Using secret key
> > 7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79
> >
> > Jwt token is generated:
> > eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZCIsImF1ZCI6InNvbHIiLCJleHAiOjk5MTYyMzkwMjJ9.M4PksJTJ9gFjOlvvFmG1eDSyXDtKIRSGIYicIW9hwT4
> >
> > Below are the header and payload I'm using to generate the JWT token:
> >
> > The header is
> > {
> >  "alg": "HS256",
> >  "typ": "JWT"
> > }
> >
> > and the payload is
> >
> > {
> >  "sub": "admin",
> >  "aud": "Solr",
> >  "exp": 9916239022
> > }
> >
> > With the above configuration my JWT authentication is working fine. But there is a problem: when a request is sent without authentication in the header, the API still retrieves data. I want to prevent this when a request comes without an authentication header.
> >
> > For that, I've enabled the blockUnknown parameter in the security.json file. That works fine and authentication is required. But after enabling the blockUnknown parameter I am facing the below exception while starting Solr using the solr start command.
> >
> >
> > ERROR: Solr requires authentication for http://localhost:8983/solr/admin/info/system. Please supply valid credentials. HTTP code=401
> >
> > I've googled a lot and found out that the solr/admin/info/system endpoint requires authentication.
> >
> > How do I authenticate the solr/admin/info/system endpoint while starting up Solr?
> >
> > Need urgent help. I'd appreciate it if someone can help me.
> >
> > Thanks
> > Lakhan Gupta
>
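
Added example (not part of the original messages and not the contents of the linked gist): a small lint for the whitelist-then-block layout Jan describes, run over a constructed security.json. The rule name "open-info", the choice of open path, and the convention that a null or missing role means "no authentication required" are assumptions; JWT key settings are left out of the sample.

```python
import json

# Constructed security.json in the layout the thread advises. Rule names other
# than "all", the open path and the role-null convention are assumptions;
# JWT key settings are omitted for brevity.
SECURITY_JSON = """
{
  "authentication": {"class": "solr.JWTAuthPlugin", "blockUnknown": false},
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {"name": "open-info", "path": "/admin/info/system", "collection": null, "role": null},
      {"name": "all", "role": "*"}
    ],
    "user-role": {"solr": "admin"}
  }
}
"""


def is_catch_all(perm):
    """A rule meant to cover every path: the "all" permission or path "/*"."""
    return perm.get("name") == "all" or perm.get("path") == "/*"


def lint(text):
    """Return findings for the whitelist-then-block layout (empty list = OK)."""
    cfg = json.loads(text)
    block_unknown = cfg.get("authentication", {}).get("blockUnknown", False)
    perms = cfg.get("authorization", {}).get("permissions", [])
    open_idx = [i for i, p in enumerate(perms) if p.get("role") is None]
    guard_idx = [i for i, p in enumerate(perms)
                 if is_catch_all(p) and p.get("role") is not None]
    findings = []
    if block_unknown and open_idx:
        findings.append("blockUnknown=true: anonymous requests get 401 before "
                        "the open (role null) rules are consulted")
    if not block_unknown and not guard_idx:
        findings.append("blockUnknown=false and no catch-all rule with a role: "
                        "unmatched paths stay reachable without a token")
    if guard_idx and any(i > guard_idx[0] for i in open_idx):
        findings.append("open rule listed after the catch-all; the thread's "
                        "layout puts whitelisted paths first")
    if any(is_catch_all(p) and p.get("role") is None for p in perms):
        findings.append("catch-all rule has role null: every path is open")
    return findings


if __name__ == "__main__":
    print(lint(SECURITY_JSON) or "layout OK")
```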
