Hi All, I am still encountering this issue on enabling authentication in solrcloud cluster(solr version 8.11.1 and apache zookeeper 3.5.8).Any suggestions /ideas to help resolve would be highly appreciated. Thanks. Also ,sharing below the detailed error coming in solr logs after enabling basic authentication in solr cluster.
ERROR : ------------------ ERROR (httpUriRequest-169-thread-1-processing-x:document2y_shard1_replica_n1 r:core_node3 n:<IP of node 2>:8984_solr http:////<IP of node 1(leader node)>:8984//solr c:document2y s:shard1) [c:document2y s:shard1 r:core_node3 x:document2y_shard1_replica_n1] o.a.s.c.s.i.HttpClientUtil => org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA private key operation failed at org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:372) org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA private key operation failed at org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:372) ~[?:?] at org.apache.solr.security.PKIAuthenticationPlugin.generateToken(PKIAuthenticationPlugin.java:333) ~[?:?] at org.apache.solr.security.PKIAuthenticationPlugin.setHeader(PKIAuthenticationPlugin.java:340) ~[?:?] at org.apache.solr.security.PKIAuthenticationPlugin$HttpHeaderClientInterceptor.process(PKIAuthenticationPlugin.java:296) ~[?:?] at org.apache.solr.client.solrj.impl.HttpClientUtil$DynamicInterceptor$1.accept(HttpClientUtil.java:199) ~[?:?] at org.apache.solr.client.solrj.impl.HttpClientUtil$DynamicInterceptor$1.accept(HttpClientUtil.java:194) ~[?:?] at java.util.concurrent.CopyOnWriteArrayList.forEach(CopyOnWriteArrayList.java:807) ~[?:?] at org.apache.solr.client.solrj.impl.HttpClientUtil$DynamicInterceptor.process(HttpClientUtil.java:194) ~[?:?] at org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:133) ~[?:?] at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[?:?] at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[?:?] at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[?:?] at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[?:?] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[?:?] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[?:?] at org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:571) ~[?:?] at org.apache.solr.client.solrj.impl.HttpSolrClient.lambda$httpUriRequest$0(HttpSolrClient.java:310) ~[?:?] at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?] at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:218) ~[?:?] at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor$$Lambda$186/0x0000000000000000.run(Unknown Source) ~[?:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?] at java.lang.Thread.run(Thread.java:866) [?:?] Caused by: javax.crypto.BadPaddingException: RSA private key operation failed at sun.security.rsa.NativeRSACore.crtCrypt_Native(NativeRSACore.java:149) ~[?:?] at sun.security.rsa.NativeRSACore.rsa(NativeRSACore.java:91) ~[?:?] at sun.security.rsa.RSACore.rsa(RSACore.java:149) ~[?:?] at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:357) ~[?:?] at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:405) ~[?:?] at javax.crypto.Cipher.doFinal(Cipher.java:2260) ~[?:?] at org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:370) ~[?:?] ... 23 more 2022-07-14 13:19:22.392 ERROR (recoveryExecutor-11-thread-1-processing-n:<IP of node 2>:8984_solr x:document2y_shard1_replica_n1 c:document2y s:shard1 r:core_node3) [c:document2y s:shard1 r:core_node3 x:document2y_shard1_replica_n1] o.a.s.c.RecoveryStrategy Error while trying to recover. core=document2y_shard1_replica_n1 => java.util.concurrent.ExecutionException: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://<IP of node 1(leader node)>:8984/solr: Expected mime type application/octet-stream but got text/html. <html> <head> java.util.concurrent.ExecutionException: org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error from server at http://<IP of node 1(leader node)>:8984/solr: Expected mime type application/octet-stream but got text/html. <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 401 require authentication</title> <table> <tr><th>URI:</th><td>/solr/admin/cores</td></tr> <tr><th>STATUS:</th><td>401</td></tr> <tr><th>MESSAGE:</th><td>require authentication</td></tr> <tr><th>SERVLET:</th><td>default</td></tr> </table> </body> </html> ------------- Thank You Anchal Sharma ________________________________ From: Anchal Sharma2 <anchs...@in.ibm.com> Sent: Thursday, June 30, 2022 9:26 PM To: users@solr.apache.org <users@solr.apache.org> Subject: [EXTERNAL] Problem in enabling basic solr authentication for solr cluster Hello Team , I referred to following link and enabled basic solr authentication - Basic Authentication Plugin | Apache Solr Reference Guide 8.11<https://solr.apache.org/guide/8_11/basic-authentication-plugin.html > Basic Authentication Plugin | Apache Solr Reference Guide 8.11<https://solr.apache.org/guide/8_11/basic-authentication-plugin.html > Combining Basic Authentication with Other Schemes. When using other authentication schemes, such as the JWT Authentication Plugin, you may still want to use Basic authentication for a small set of "service account" oriented client applications.Solr provides the MultiAuthPlugin to support multiple authentication schemes. For example, you may want to integrate Solr with an OIDC provider for user ... solr.apache.org It works well for a standalone solrcloud . But when I try these steps in solr cluster (3 zookeepers and 2 solrs) . I get intermittent error on running query on solr collections . Please let me know if I have missed some configuration. Please note the error comes ONLY when running query , and I can login to solr just fine using solr credentials. Solr version 8.11.1 and apache zookeeper version 3.5.8 ERROR <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 401 require authentication</title> </head> <body><h2>HTTP ERROR 401 require authentication</h2> <table> <tr><th>URI:</th><td>/solr/param/select</td></tr> <tr><th>STATUS:</th><td>401</td></tr> <tr><th>MESSAGE:</th><td>require authentication</td></tr> <tr><th>SERVLET:</th><td>default</td></tr> </table> </body> </html> STEPS DONE 1.Updated security.json on both solr nodes {"authentication":{ "blockUnknown": true, "class":"solr.BasicAuthPlugin", "credentials":{"solr":"DefaultEncryptedPassword"}, "realm":"Solr user", "forwardCredentials": false}, "authorization":{"class":"solr.RuleBasedAuthorizationPlugin", "user-role":{"solr":"admin"}, "permissions":[{"name":"security-edit","role":"admin"}] }} 2.Restarted all 3 zookeeper and 2 solr nodes 3.Upload security.json to zookeeper (for both solr nodes) ./solr zk cp /<local path to >/security.json zk:security.json -z hostname1:2181,hostname2:2181,hostname3:2181 Thank You Anchal Sharma
