Hi,
Do both auth plugins work for ordinary API requests? I.e. is it only the Admin
UI login that is broken?
Have you tried force refreshing your browser (shift-f5)?
Jan
> 31. aug. 2023 kl. 14:56 skrev Primordial Atom <distant.ca...@gmail.com>:
>
> Hi there,
>
> for a while now, I've been struggling with the MultiAuthPlugin and
> integrating Keycloak / OIDC for admin authentication.
>
> My security.json looks like this (excerpt):
>
> {
> "authentication": {
> "class": "solr.MultiAuthPlugin",
> "schemes": [{
> "scheme": "bearer",
> "blockUnknown": true,
> "class": "solr.JWTAuthPlugin",
> "redirectUris": "https://services.webtravel.de/myjack-stage/solr/*";,
> "rolesClaim": "resource_access.solr.roles",
> "adminUiScope": "admin",
> "scope": "admin",
> "issuers": [{
> "name": "Keycloak",
> "wellKnownUrl":
> "https://services.webtravel.de/myjack-stage/keycloak/auth/realms/uat/.well-known/openid-configuration";,
> "clientId": "solr"
> }]
> }, {
> "scheme": "basic",
> "blockUnknown": false,
> "class": "solr.BasicAuthPlugin",
> "credentials": {
> "k8s-oper": "sUux1zWSnONtl5j4D0S8NcJSZqv11w4F1aFNaciocz8=
> ZvHE8cSFHYbiMVtRn7/jvd13JERrJaoWKP/HFG9TiiQ="
> },
> "forwardCredentials": false
> }]
> }, ...
>
> The 'bearer' scheme is configured first so in theory it should be
> picked up for admin login. However, the login page still prompts for
> 'Basic Authentication'.
>
> Any hints on why this does not seem to work?
>
> (Solr 9.3.0, deployed on K8s using Solr Operator)
>
> Best wishes,
> Karsten
