[
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16733608#comment-16733608
]
Jan Høydahl commented on SOLR-7896:
-----------------------------------
{quote}since it seems from reading the docs that if I use any other auth other
than Basic (such as Kerberos) I can then no longer ever access the UI at all
after this change, is that true?
{quote}
Not exactly, the UI will start as normal and allow doing any action that is
permitted without authentication. If the user opens a page or attempts an
action that requires authentication, then the login screen is presented with a
message from whatever Auth plugin is active. I guess this will look like a dead
end, as the only menu option will be "Login" at this point. But opening a new
browser tab will bring back the full UI. Ideally the UI should be security
aware and hide or grey out options that are not available without login.
The situation before was a bunch of errors in the UI and possibly a totally
defunct user experience. At least now you will be told that the UI does not
work with the chosen Auth.
I opened SOLR-13116 to add login support for Kerberos.
> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
> Key: SOLR-7896
> URL: https://issues.apache.org/jira/browse/SOLR-7896
> Project: Solr
> Issue Type: New Feature
> Components: Admin UI, Authentication, security
> Affects Versions: 5.2.1
> Reporter: Aaron Greenspan
> Assignee: Jan Høydahl
> Priority: Major
> Labels: authentication, login, password
> Fix For: master (8.0), 7.7
>
> Attachments: dispatchfilter-code.png, login-page.png,
> login-screen-2.png, logout.png, unknown_scheme.png
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Now that Solr supports Authentication plugins, the missing piece is to be
> allowed access from Admin UI when authentication is enabled. For this we need
> * Some plumbing in Admin UI that allows the UI to detect 401 responses and
> redirect to login page
> * Possibility to have multiple login pages depending on auth method and
> redirect to the correct one
> * [AngularJS HTTP
> interceptors|https://docs.angularjs.org/api/ng/service/$http#interceptors] to
> add correct HTTP headers on all requests when user is logged in
> This issue should aim to implement some of the plumbing mentioned above, and
> make it work with Basic Auth.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
