[
https://issues.apache.org/jira/browse/SOLR-17247?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Pugh resolved SOLR-17247.
------------------------------
Fix Version/s: 9.7
Resolution: Fixed
> 'WWW-Authenticate' headers missing in MultiAuthPlugin
> -----------------------------------------------------
>
> Key: SOLR-17247
> URL: https://issues.apache.org/jira/browse/SOLR-17247
> Project: Solr
> Issue Type: Bug
> Components: Authentication
> Reporter: Lamine
> Assignee: Eric Pugh
> Priority: Minor
> Fix For: 9.7
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> MultiAuthPlugin does not return WWW-Authenticate' headers
> When returning a 401 response a Web application needs to indicate to the
> client what authentication challenges it supports, otherwise an exception
> like "{_}HTTP protocol violation: Authentication challenge without
> WWW-Authenticate header{_}“ is raised.
> Solr’s MultiAuthPlugin does not supports this. Solr should return the list
> of supported schemes (challenges).
>
> According to HTTP [RFC
> 7235|https://datatracker.ietf.org/doc/html/rfc7235#section-3.1]:
> _The 401 (Unauthorized) status code indicates that the request has not_
> _been applied because it lacks valid authentication credentials for_
> _the target resource. The server generating a 401 response *MUST* send_
> _a WWW-Authenticate header field ([Section
> 4.1|https://datatracker.ietf.org/doc/html/rfc7235#section-4.1]) containing at
> least one_
> _challenge applicable to the target resource._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
