[jira] [Commented] (SOLR-9640) Support PKI authentication and SSL in standalone-mode master/slave auth with local security.json

Sat, 03 Jan 2026 19:13:14 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-9640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18048913#comment-18048913
 ] 

David Smiley commented on SOLR-9640:
------------------------------------

Shalin said:

bq. Say if we detected https by looking at solr.jetty.keystore, my guess 
(untested) is that adding a wrongly configured node (no SSL) to the cloud will 
still work and all other nodes would be able to talk to this one node without 
https. So a global configuration saying everything must be https is necessary.

I don't see how adding a node without SSL will work with nodes with SSL in 
either direction.  How would they be able to talk to each other?  SSL nodes 
only speak SSL, likewise plaintext only plaintext.  While it's not impossible 
for a user to enable Solr to do a limited hybrid (e.g. via explicitly setting 
the urlScheme in solr.xml to the opposite of how the Solr node is listening), 
my interpretation of Jan's proposal here is that it'd generally, by default, be 
strictly either-or, and would be consistent with incoming & outgoing 
connections.  I would use the word "global configuration" for Jan's proposal, 
even though it's a node-scoped global as implemented via system properties.  
I'm not sure why the cluster properties value "urlScheme" exists.

> Support PKI authentication and SSL in standalone-mode master/slave auth with 
> local security.json
> ------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-9640
>                 URL: https://issues.apache.org/jira/browse/SOLR-9640
>             Project: Solr
>          Issue Type: New Feature
>          Components: Authentication, security
>            Reporter: Jan Høydahl
>            Priority: Major
>              Labels: authentication, pki
>         Attachments: SOLR-9640.patch, SOLR-9640.patch, SOLR-9640.patch, 
> SOLR-9640.patch, SOLR-9640.patch, SOLR-9640.patch, SOLR-9640.patch, 
> SOLR-9640.patch
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> While working with SOLR-9481 I managed to secure Solr standalone on a 
> single-node server. However, when adding 
> {{&shards=localhost:8081/solr/foo,localhost:8082/solr/foo}} to the request, I 
> get 401 error. This issue will fix PKI auth to work for standalone, which 
> should automatically make both sharding and master/slave index replication 
> work.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to