[jira] [Commented] (SOLR-12666) Support multiple AuthenticationPlugin's simultaneoulsy

Wed, 21 Aug 2019 01:08:47 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-12666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16912025#comment-16912025
 ] 

Jan Høydahl commented on SOLR-12666:
------------------------------------

No, this is still in the conceptual stage. Obviously we want an elegant JSON 
syntax and either continue supporting today's syntax or auto-upgrade config to 
some newer format on first startup of Solr. A first straw man syntax:
{code:javascript}
{
  "authentication":{
    "chain": [
      {
        "class":"solr.BasicAuthPlugin",
        "credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= 
Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
      },
      {
        "class":"solr.FooPlugin"
      }
    ]
  },
  "authorization":{}
}
{code}
 

> Support multiple AuthenticationPlugin's simultaneoulsy
> ------------------------------------------------------
>
>                 Key: SOLR-12666
>                 URL: https://issues.apache.org/jira/browse/SOLR-12666
>             Project: Solr
>          Issue Type: New Feature
>          Components: Authentication, security
>            Reporter: Jan Høydahl
>            Priority: Major
>              Labels: authentication
>
> Solr is getting support for more authentication plugins year by year, and 
> customers have developed their own in-house plugins as well.
> At the same time we see more and more JIRAs to add *BasicAuth* support for 
> various clients and use cases, such as SOLR-12584 (Solr Exporter), SOLR-9779 
> (Streaming expressions), SOLR-11356 (ConcurrentUpdateSolrClient), SOLR-8213 
> (JDBC), SOLR-12583 (Subquery docTransformer) and SOLR-10322 (Streaming 
> expression daemon), SOLR-12860 (metrics history), SOLR-11759 
> (DocExpirationUpdateProcessor), SOLR-11959 (CDCR), SOLR-12359 (LIR) and 
> probably more. Some of these may be bugs that can be fixed with PKI though...
> Currently the framework supports *only one active Auth method* (except PKI 
> which is special). Which means that if you use something else than BasicAuth, 
> you're lucky if you get any of the above features to work with your cluster. 
> -Even the AdminUI only supports BasicAuth (implicit via browser).- Admin UI 
> has explicit support for a few plugins only.
> I think the solution is to allow more than one auth plugin to be active at 
> the same time, allowing people to use their custom fancy auth which is 
> tightly integrated with their environment, and at the same time activate e.g. 
> BasicAuth or JWTAuth for use with other clients that do not support the 
> primary auth method.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to