laminelam commented on PR #3029: URL: https://github.com/apache/solr/pull/3029#issuecomment-2593359376
@epugh Actually, this is not a new type of authentication. Solr already has a [Certificate Authentication Plugin](https://solr.apache.org/guide/solr/latest/deployment-guide/cert-authentication-plugin.html) but it offers a very basic support. In fact, the existing code is merely more than [one of line](https://github.com/apache/solr/blob/6d838cb3de9774e1a17208a78210f8968ce4e959/solr/core/src/java/org/apache/solr/security/CertAuthPlugin.java#L44) that extracts the whole subject DN (ex: "_CN=Solr User,OU=Engineering,O=Example Inc.,C=US_") from the cert and use it as the _principal_ (kind of username) of the received request This PR is an enhancement to the existing plugin. It is a part of a bigger contribution to support: - 1- Flexible Principal extraction - 2- Identity extraction - 3- Identity validation More details in these 2 JIRAs: [SOLR-17308](https://issues.apache.org/jira/browse/SOLR-17308) and [SOLR-17309](https://issues.apache.org/jira/browse/SOLR-17309) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
