Copilot commented on code in PR #4401:
URL: https://github.com/apache/solr/pull/4401#discussion_r3195370043
##########
solr/solr-ref-guide/modules/deployment-guide/pages/jwt-authentication-plugin.adoc:
##########
@@ -36,23 +36,22 @@ The simplest possible `security.json` for registering the
plugin without configu
----
{
"authentication": {
- "class":"solr.JWTAuthPlugin",
- "blockUnknown":"false"
+ "class":"solr.JWTAuthPlugin"
}
}
Review Comment:
The “simplest possible security.json” example now only sets the plugin class
and omits any key/issuer configuration (e.g., jwk/jwksUrl/wellKnownUrl). With
`blockUnknown` now defaulting to `true`, this configuration leaves the plugin
unconfigured and will lead to requests failing with a server error (“JWTAuth
plugin not correctly configured”) rather than just blocking unauthenticated
access, effectively preventing bootstrap via REST. Please update the example to
either include a minimal working issuer/key configuration, or explicitly show
`blockUnknown: false` (and explain it’s for bootstrapping config via
unauthenticated REST calls).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
