lucene-solr-user mailing list archives

From Jason Gerlowski <gerlowsk...@gmail.com>
Subject Re: Facing jwt authentication problem using solr 8.1.1
Date Fri, 20 Dec 2019 13:39:57 GMT
Oh, ok.

From the user's error message it looked to me like bin/solr was making
an admin/info/system call from bash, but it must be something else.

On Fri, Dec 20, 2019 at 6:28 AM Jan Høydahl <jan.asf@cominvent.com> wrote:
>
> No, I doubt that bin/solr support would do more than just wire in a simple initial JWT config, with some default Rule-based config.
>
> Jan
>
> > On 17 Dec 2019 at 16:42, Jason Gerlowski <gerlowskija@gmail.com> wrote:
> >
> > Hey Jan,
> >
> > Is this a case of something that'd be fixed by
> > https://issues.apache.org/jira/browse/SOLR-13071 ?
> >
> > Just wondering
> >
> > Best,
> > Jason
> >
> > On Thu, Dec 12, 2019 at 5:43 PM Jan Høydahl <jan.asf@cominvent.com> wrote:
> >>
> >> Try something like this https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7
> >>
> >> The trick is to «whitelist» certain paths that will not require auth, but then further down add rules to block all other paths either as admin role or with special role «*» which means «any authenticated user».
> >>
> >> Jan
> >>
> >>> On 12 Dec 2019 at 07:47, Lakhan Gupta <Lakhan.Gupta@infogain.com.INVALID> wrote:
> >>>
> >>> Hi,
> >>>
> >>> I am using Solr version 8.1.1 and facing a problem while enabling JWT authentication in Solr. JWT authentication is working fine after configuring the security.json file. Below is the configuration I am using for enabling JWT authentication.
> >>>
> >>> Security.json
> >>>
> >>> {
> >>>   "authentication":{
> >>>     "blockUnknown": false,
> >>>     "class":"solr.JWTAuthPlugin",
> >>>     "jwk":{
> >>>       "kty":"oct",
> >>>       "use":"sig",
> >>>       "kid":"k1",
> >>>       "k":"7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",
> >>>       "alg":"HS256"},
> >>>     "aud":"solr"},
> >>>   "authorization":{
> >>>     "class":"solr.RuleBasedAuthorizationPlugin",
> >>>     "permissions":[
> >>>       {
> >>>         "name":"all",
> >>>         "path":"/*",
> >>>         "role":"admin"
> >>>       }
> >>>     ],
> >>>     "user-role":{
> >>>       "solr":"admin"
> >>>     }
> >>>   }
> >>> }
> >>>
> >>> Using secret key
> >>> 7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79
> >>>
> >>> Jwt token is generated:
> >>> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZCIsImF1ZCI6InNvbHIiLCJleHAiOjk5MTYyMzkwMjJ9.M4PksJTJ9gFjOlvvFmG1eDSyXDtKIRSGIYicIW9hwT4
> >>>
> >>> Below are the header and payload I'm using to generate the JWT token:
> >>>
> >>> The header is
> >>> {
> >>> "alg": "HS256",
> >>> "typ": "JWT"
> >>> }
> >>>
> >>> and the payload is
> >>>
> >>> {
> >>> "sub": "admin",
> >>> "aud": "Solr",
> >>> "exp": 9916239022
> >>> }
> >>>
> >>> With the above configuration my JWT authentication is working fine. But there is a problem: when a request is sent without authentication in the header, the API still retrieves data. I want to prevent this when a request comes without an authentication header.
> >>>
> >>> For that, I've enabled the blockUnknown parameter in the security.json file. That works fine and authentication request is required. But after enabling the blockUnknown parameter I am facing the below exception while starting Solr using the solr start command.
> >>>
> >>>
> >>> ERROR: Solr requires authentication for http://localhost:8983/solr/admin/info/system. Please supply valid credentials. HTTP code=401
> >>>
> >>> I've googled a lot and found out that the
> >>>
> >>> solr/admin/info/system endpoint requires authentication.
> >>>
> >>> How do I authenticate the solr/admin/info/system endpoint while starting up Solr?
> >>>
> >>> Need urgent help. I'd appreciate it if someone can help me.
> >>>
> >>> Thanks
> >>> Lakhan Gupta
> >>>
> >>
>
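
The whitelist-then-catch-all layout Jan describes, as an added example that is not part of the thread or the linked gist: a simplified Python model of how such rules decide a request, run against a constructed security.json. The permission name `open-info`, the `/select` path and the `decide` and `demo` helpers are hypothetical, and the model assumes that the first matching rule decides and that an unmatched request is allowed.

```python
import json

# Constructed security.json in the layout described above (JWK omitted). Assumptions:
# "role": null opens a path to everyone; "collection": null marks an admin path.
SECURITY_JSON = """
{"authentication": {"class": "solr.JWTAuthPlugin", "blockUnknown": false},
 "authorization": {
   "class": "solr.RuleBasedAuthorizationPlugin",
   "permissions": [
     {"name": "open-info", "path": "/admin/info/system", "collection": null, "role": null},
     {"name": "all", "role": "*"}],
   "user-role": {"solr": "admin"}}}
"""


def decide(config, path, user=None):
    """Simplified model (not Solr's code): HTTP status for one request."""
    if user is None and config["authentication"].get("blockUnknown", False):
        return 401  # rejected by authentication before any rule is consulted
    authz = config["authorization"]
    have = authz.get("user-role", {}).get(user, [])
    have = {have} if isinstance(have, str) else set(have)
    for perm in authz["permissions"]:
        if perm.get("path") not in (None, path):
            continue  # a rule without "path" (here "all") matches every path
        role = perm.get("role")
        if role is None:
            return 200  # whitelisted path: no credentials needed
        if user is None:
            return 401  # rule needs a user and the request carries none
        want = {role} if isinstance(role, str) else set(role)
        return 200 if "*" in want or want & have else 403
    return 200  # no rule matched


def demo():
    open_cfg = json.loads(SECURITY_JSON)
    blocked = json.loads(SECURITY_JSON)
    blocked["authentication"]["blockUnknown"] = True
    return {
        "blockUnknown=true, anonymous info/system": decide(blocked, "/admin/info/system"),
        "whitelist, anonymous info/system": decide(open_cfg, "/admin/info/system"),
        "whitelist, anonymous /select": decide(open_cfg, "/select"),
        "whitelist, user solr /select": decide(open_cfg, "/select", "solr"),
    }


if __name__ == "__main__":
    print(demo())
```

The first case reproduces the 401 from the original report; the other three show the info/system call passing without credentials while every other path still requires a token.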
