[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15932690#comment-15932690
 ] 

Jan Høydahl commented on SOLR-7896:
-----------------------------------

Guess we could use this AngularJS module https://github.com/sahat/satellizer 
for the frontend. It uses JWT.
On the Solr end we'd need to add e.g. {{/auth/login/}} endpoint to validate the 
login.
On the Admin UI end we'd need to add the login controller and a login 
screen/dialogue.
Guess we'd also need to add some kind of {{TokenAuthenticationPlugin}} which 
validates the {{Authorization: Bearer <token>}} header much in the same way 
that we have a special path to validate the {{SolrAuth}} header for PKI auth. 
This fellow could also take care of Single Sign on (to support user browsing 
away to another solr node) by securely asking the original Solr node if the 
token is valid.
Further, the Admin UI will on first load make a request to Solr to ask whether 
login will be required, and if so, pop up the dialogue immediately.

Do I miss anything here? Anyone who has experience in these things?
How does the {{/auth/login}} endpoint validate a user login in case of 
Kerberos/Hadoop auth? Perhaps by forwarding user with OAuth2 to some other 
server in the network? I'm quite blank on this..

> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI, security
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>              Labels: authentication, login, password
>
> Out of the box, the Solr Administrative interface should require a password 
> that the user is required to set.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
