[jira] [Commented] (SOLR-12666) Support multiple AuthenticationPlugin's simultaneoulsy

Tue, 12 Oct 2021 00:47:05 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-12666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17427515#comment-17427515
 ] 

Jan Høydahl commented on SOLR-12666:
------------------------------------

Absolutely, looks impressive. Pac4j and probably other frameworks should be 
considered, and then choose one to do a POC with basicAuth.

> Support multiple AuthenticationPlugin's simultaneoulsy
> ------------------------------------------------------
>
>                 Key: SOLR-12666
>                 URL: https://issues.apache.org/jira/browse/SOLR-12666
>             Project: Solr
>          Issue Type: New Feature
>          Components: Authentication, security
>            Reporter: Jan Høydahl
>            Priority: Major
>              Labels: authentication
>         Attachments: ShiroAuthenticationSequence.png
>
>
> Solr is getting support for more authentication plugins year by year, and 
> customers have developed their own in-house plugins as well.
> At the same time we see more and more JIRAs to add *BasicAuth* support for 
> various clients and use cases, such as SOLR-12584 (Solr Exporter), SOLR-9779 
> (Streaming expressions), SOLR-11356 (ConcurrentUpdateSolrClient), SOLR-8213 
> (JDBC), SOLR-12583 (Subquery docTransformer) and SOLR-10322 (Streaming 
> expression daemon), SOLR-12860 (metrics history), SOLR-11759 
> (DocExpirationUpdateProcessor), SOLR-11959 (CDCR), SOLR-12359 (LIR) and 
> probably more. Some of these may be bugs that can be fixed with PKI though...
> Currently the framework supports *only one active Auth method* (except PKI 
> which is special). Which means that if you use something else than BasicAuth, 
> you're lucky if you get any of the above features to work with your cluster. 
> -Even the AdminUI only supports BasicAuth (implicit via browser).- Admin UI 
> has explicit support for a few plugins only.
> I think the solution is to allow more than one auth plugin to be active at 
> the same time, allowing people to use their custom fancy auth which is 
> tightly integrated with their environment, and at the same time activate e.g. 
> BasicAuth or JWTAuth for use with other clients that do not support the 
> primary auth method.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to