You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "jhng (Jira)" <ji...@apache.org> on 2024/02/20 16:59:00 UTC

[jira] [Created] (SOLR-17169) Solr restart issue with JWT authentioncation plugin enabled

jhng created SOLR-17169:
---------------------------

             Summary: Solr restart issue with JWT authentioncation plugin enabled
                 Key: SOLR-17169
                 URL: https://issues.apache.org/jira/browse/SOLR-17169
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Admin UI
    Affects Versions: 9.5.0, 9.4
         Environment: The solr environemnt:

OS: RedHat 8

JDK: OpenJDK 64-Bit Server VM 11.0.22 11.0.22+7-LTS
            Reporter: jhng


Hello,

We are trying to configure Solr admin UI to authenticate using the {{JWTAuthPlugin}} with Azure AD. 

The SSO login is working if the server start properly. But when we try to reboot the server with "service solr restart", there is 50% chance the service can't be start. 

When the server failed to start, we could find the error below in log which seems the solr service can't find right certificate to connect azure AD. But meanwhile on other 50% time, the solr sercie can find the certifcate and start adminUI with SSO enabled.

 

 
{code:java}
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target        at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148) ~[?:?]        at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129) ~[?:?]        at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?]        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?]        at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?]        at java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[?:?]        at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) ~[?:?]        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) ~[?:?]        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[?:?]        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341) ~[?:?]        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?]        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?]        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) ~[?:?]        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443) ~[?:?]        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) ~[?:?]        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) ~[?:?]        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1511) ~[?:?]        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421) ~[?:?]        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456) ~[?:?]        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427) ~[?:?]        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:580) ~[?:?]        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:201) ~[?:?]        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592) ~[?:?]        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?]        at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527) ~[?:?]        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334) ~[?:?]        at org.jose4j.http.Get.get(Get.java:81) ~[?:?]        at org.apache.solr.security.jwt.JWTIssuerConfig$WellKnownDiscoveryConfig.parse(JWTIssuerConfig.java:537) ~[?:?] {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org