Hi there,
for a while now, I've been struggling with the MultiAuthPlugin and
integrating Keycloak / OIDC for admin authentication.
My security.json looks like this (excerpt):
{
"authentication": {
"class": "solr.MultiAuthPlugin",
"schemes": [{
"scheme": "bearer",
"blockUnknown": true,
"class": "solr.JWTAuthPlugin",
"redirectUris": "https://services.webtravel.de/myjack-stage/solr/*";,
"rolesClaim": "resource_access.solr.roles",
"adminUiScope": "admin",
"scope": "admin",
"issuers": [{
"name": "Keycloak",
"wellKnownUrl":
"https://services.webtravel.de/myjack-stage/keycloak/auth/realms/uat/.well-known/openid-configuration";,
"clientId": "solr"
}]
}, {
"scheme": "basic",
"blockUnknown": false,
"class": "solr.BasicAuthPlugin",
"credentials": {
"k8s-oper": "sUux1zWSnONtl5j4D0S8NcJSZqv11w4F1aFNaciocz8=
ZvHE8cSFHYbiMVtRn7/jvd13JERrJaoWKP/HFG9TiiQ="
},
"forwardCredentials": false
}]
}, ...
The 'bearer' scheme is configured first so in theory it should be
picked up for admin login. However, the login page still prompts for
'Basic Authentication'.
Any hints on why this does not seem to work?
(Solr 9.3.0, deployed on K8s using Solr Operator)
Best wishes,
Karsten
