[
https://issues.apache.org/jira/browse/SOLR-13071?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17307110#comment-17307110
]
Jan Høydahl commented on SOLR-13071:
------------------------------------
One way I have been thinking of is to allow more than one auth scheme in Solr
at a time.
Say you have JWT, but also BasicAuth. Then restrict the BasicAuth method to
only allow requests from 127.0.0.1 and you have effectively opened up a way to
run bin/solr scripts on localhost while still securing external requests with
JWT. See SOLR-12666
> Add JWT Auth support in bin/solr
> --------------------------------
>
> Key: SOLR-13071
> URL: https://issues.apache.org/jira/browse/SOLR-13071
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
> Reporter: Jan Høydahl
> Priority: Major
>
> Once SOLR-12121 gets in, we should add support to {{bin/solr}} start scripts
> so they can authenticate with Solr using a JWT token. A preferred way would
> perhaps be through {{solr.in.sh}} and add new
> {noformat}
> SOLR_AUTH_TYPE=token
> SOLR_AUTHENTICATION_OPTS=-DjwtToken=....
> {noformat}
> A disadvantage with this method is that the user needs to know how to obtain
> the token, and the token needs to be long-lived. A more sophisticated way
> would be a {{bin/solr auth login}} command that opens a browser window with
> the IDP login screen and saves the short-lived access token and optionally
> refresh token, in the file system.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
