[
https://issues.apache.org/jira/browse/SOLR-12666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16912135#comment-16912135
]
Noble Paul edited comment on SOLR-12666 at 8/21/19 9:55 AM:
------------------------------------------------------------
In principle +1 to multiple auth plugins. Let's assume that people may have a
max of 2 -3 auth plugins and , 99% of the people are likely to use only one.
The following should be fine
{code:js}
{
"authentication": {
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}},
"authentication2" : {},
"authentication3":{},
"authorization":{}
}
{code}
was (Author: noble.paul):
In principle +1 to multiple auth plugins. Let's assume that people may have a
max of 2 -3 auth plugins and , 99% of the people are likely to use only one.
The following should be fine
{code:js}
{
"authentication":{
"class":"solr.BasicAuthPlugin",
"credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0=
Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
},
authentication2 : {},
authentication3:{},
"authorization":{}
}
{code}
> Support multiple AuthenticationPlugin's simultaneoulsy
> ------------------------------------------------------
>
> Key: SOLR-12666
> URL: https://issues.apache.org/jira/browse/SOLR-12666
> Project: Solr
> Issue Type: New Feature
> Components: Authentication, security
> Reporter: Jan Høydahl
> Priority: Major
> Labels: authentication
>
> Solr is getting support for more authentication plugins year by year, and
> customers have developed their own in-house plugins as well.
> At the same time we see more and more JIRAs to add *BasicAuth* support for
> various clients and use cases, such as SOLR-12584 (Solr Exporter), SOLR-9779
> (Streaming expressions), SOLR-11356 (ConcurrentUpdateSolrClient), SOLR-8213
> (JDBC), SOLR-12583 (Subquery docTransformer) and SOLR-10322 (Streaming
> expression daemon), SOLR-12860 (metrics history), SOLR-11759
> (DocExpirationUpdateProcessor), SOLR-11959 (CDCR), SOLR-12359 (LIR) and
> probably more. Some of these may be bugs that can be fixed with PKI though...
> Currently the framework supports *only one active Auth method* (except PKI
> which is special). Which means that if you use something else than BasicAuth,
> you're lucky if you get any of the above features to work with your cluster.
> -Even the AdminUI only supports BasicAuth (implicit via browser).- Admin UI
> has explicit support for a few plugins only.
> I think the solution is to allow more than one auth plugin to be active at
> the same time, allowing people to use their custom fancy auth which is
> tightly integrated with their environment, and at the same time activate e.g.
> BasicAuth or JWTAuth for use with other clients that do not support the
> primary auth method.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
