You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2021/03/03 22:48:00 UTC

[jira] [Commented] (SOLR-13071) Add JWT Auth support in bin/solr

    [ https://issues.apache.org/jira/browse/SOLR-13071?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17294868#comment-17294868 ] 

Jan Høydahl commented on SOLR-13071:
------------------------------------

To avoid adding token to solr.in.sh you can use same technique as basicAuth, see https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/util/SolrCLI.java#L4017:L4033 and https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/util/SolrCLI.java#L4120:L4123

So you can add the token to a separate file readable only to Solr and add to solr.in.sh

{code:java}
SOLR_AUTH_TYPE=token
SOLR_AUTHENTICATION_OPTS=-Dsolr.auth.jwt.tokenFile=/path/to/tokenfile
{code}


> Add JWT Auth support in bin/solr
> --------------------------------
>
>                 Key: SOLR-13071
>                 URL: https://issues.apache.org/jira/browse/SOLR-13071
>             Project: Solr
>          Issue Type: Improvement
>          Components: scripts and tools
>            Reporter: Jan Høydahl
>            Priority: Major
>
> Once SOLR-12121 gets in, we should add support to {{bin/solr}} start scripts so they can authenticate with Solr using a JWT token. A preferred way would perhaps be through {{solr.in.sh}} and add new
> {noformat}
> SOLR_AUTH_TYPE=token
> SOLR_AUTHENTICATION_OPTS=-DjwtToken=....
> {noformat}
> A disadvantage with this method is that the user needs to know how to obtain the token, and the token needs to be long-lived. A more sophisticated way would be a {{bin/solr auth login}} command that opens a browser window with the IDP login screen and saves the short-lived access token and optionally refresh token, in the file system.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org