Lamine created SOLR-17247:
-----------------------------
Summary: 'WWW-Authenticate' headers missing in MultiAuthPlugin
Key: SOLR-17247
URL: https://issues.apache.org/jira/browse/SOLR-17247
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Components: Authentication
Reporter: Lamine
MultiAuthPlugin does not return WWW-Authenticate' headers
When returning a 401 response a Web application needs to indicate to the client
what authentication challenges it supports, otherwise an exception like
"{_}HTTP protocol violation: Authentication challenge without WWW-Authenticate
header{_}“ is raised.
Solr’s MultiAuthPlugin does not supports this. Solr should return the list of
supported schemes (challenges).
According to HTTP [RFC
7235|https://datatracker.ietf.org/doc/html/rfc7235#section-3.1]:
_The 401 (Unauthorized) status code indicates that the request has not_
_been applied because it lacks valid authentication credentials for_
_the target resource. The server generating a 401 response *MUST* send_
_a WWW-Authenticate header field ([Section
4.1|https://datatracker.ietf.org/doc/html/rfc7235#section-4.1]) containing at
least one_
_challenge applicable to the target resource._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
