[
https://issues.apache.org/jira/browse/SOLR-13116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16735833#comment-16735833
]
Jason Gerlowski commented on SOLR-13116:
----------------------------------------
Hey Jan, I just tested your login screen with Kerberos (this includes the
changes you made an hour or so ago, to clarify)
This is the behavior I'm seeing:
1. With a Kerberos ticket in my local ticket cache, I can get to the admin UI
and perform operations without ever seeing a login screen. The admin UI is
definitely usable.
2. If I destroy my Kerberos ticket or it expires, subsequent navigation or
operations will produce a username/password login page.
3. If my machine acquires a valid ticket, I can then click on the 'Dashboard'
menu item to get away from the login page and back to the dashboard.
So in summary, the Admin UI is definitely usable when Kerberos auth is being
used. But that said the login/auth page still seems a little
BasicAuth-specific, and inappropriate for other auth schemes. Some specific
issues:
#. We probably shouldn't be displaying {{username}} and {{password}} dialog
boxes unless we're sure the user is using a auth scheme where those values make
sense (they don't in Kerberos, for example).
#. Some other terms on the page also seem a little too Basic Auth specific to
be useful for other auth schemes. "Login/Logout" might be examples of this -
those terms are rarely used when discussing Kerberos authentication. Not
entirely sure on this though.
#. It looks like when Kerberos is used, several templated values needed for the
auth page are missing, causing UI errors. Not familiar with how the UI works,
so I may be off on the cause here. I've attached a screenshot below of the UI
errors for the auth page on {{master}}
!eventual_auth.png!
As for Kerberos/Solr testing, I recently came across a writeup/helper-repo that
Ishan put together a year or two ago. If you've got docker installed, it makes
setting up and testing Kerberos refreshingly straightforward. Give it a shot
if you get a chance: https://github.com/chatman/solr-kerberos-docker
> Add Admin UI login support for Kerberos
> ---------------------------------------
>
> Key: SOLR-13116
> URL: https://issues.apache.org/jira/browse/SOLR-13116
> Project: Solr
> Issue Type: New Feature
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Admin UI
> Affects Versions: master (8.0), 7.7
> Reporter: Jan Høydahl
> Priority: Major
> Attachments: eventual_auth.png
>
>
> Spinoff from SOLR-7896. Kerberos auth plugin should get Admin UI Login
> support.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
