You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Jason Gerlowski (Jira)" <ji...@apache.org> on 2019/12/11 19:18:00 UTC

[jira] [Commented] (SOLR-14056) Solr admin api's are not authenticated after enabling blockUnknown parameter in jwt authentication.

    [ https://issues.apache.org/jira/browse/SOLR-14056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16993836#comment-16993836 ] 

Jason Gerlowski commented on SOLR-14056:
----------------------------------------

Hi Lakhan:

It sounds like you're looking for help with your security configuration.  We try to keep JIRA for just reports of known bugs.  Questions, advice, config-help is better for the solr-user@lucene.apache.org mailing list.  If you start an email thread on that list, I'll try to chime in and help there.

When you re-post on the mailing list, please try to be more explicit about what you're trying to do, what's the result is, and why that's not what you expected or want to happen.  Maybe it's just me, but I'm having trouble pulling that out of your description above.



> Solr admin api's are not authenticated after enabling blockUnknown parameter in jwt authentication.
> ---------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-14056
>                 URL: https://issues.apache.org/jira/browse/SOLR-14056
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication, Authorization
>    Affects Versions: 8.1.1
>         Environment: solr stand
>            Reporter: Lakhan Gupta
>            Priority: Critical
>              Labels: beginner
>
> Hi, 
> I am enabling jwt authentication using solr 8.1.1 in standalone mode. below is my security.json file. 
> {code:java}
> {{  "authentication":{ "blockUnknown": true,    "class":"solr.JWTAuthPlugin", "jwk":{      "kty":"oct",      "use":"sig",      "kid":"k1",      "k":"7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",      "alg":"HS256"},    "aud":"solr"},  "authorization":{      "class":"solr.RuleBasedAuthorizationPlugin",      "permissions":[  {            "name":"all", "path":"/*",            "role":"admin"         }      ],      "user-role":{         "solr":"admin"      }   }}
> {code}
> as you can see in above code, blockunknown parameter is enabled because of that my solr admin/info/system api is not authenticated. 
> I've read in 8.1.1 documentation as blockunknown parameter block unknown request. so that, my admin/info/system api causing problem. I need an urgent help! 
>  
> Really appreciate if someone can give me a quick solution.
>  
> Thanks 
> Laksh Gupta 
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org