I don't think this is a configuration or networking problem, when removing permissions on my collections all nodes can properly talk to each other (using PKIAuth) and every request returns a 200 HTTP code.
On 2025/05/22 18:00:38 Robi Petersen wrote: > add details of zk configs? check networking ports? > > > On Thu, May 22, 2025 at 5:25 AM BCT Timo Crabbé > <ti...@bctsoftware.com.invalid> wrote: > > > Hi, > > > > > > > > When deploying a Solr 9.7 Cluster with three nodes and using the JWTAuth > > plugin for authentication and authorization, I ran into an issue when > > adding permissions on my collections. > > It looks like the authorization details that are passed in the roles claim > > in the JWT token are not passed to other nodes in the cluster when doing > > internode requests resulting in a 403 http error code. > > > > > > I was able to trace the problem to the sendRemoteQuery function in > > `solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java`. > > This function creates a HttpClientContext but never adds the current > > user’s Security Principal like the executeMethod function does in > > solr/solrj/src/java/org/apache/solr/client/solrj/impl/HttpSolrClient.java. > > > > > > Can anyone confirm this bug? > > > > Kind regards, > > > > > > > > *Timo Crabbé* > > > > DevOps engineer > > +31 (0) 6 51 52 74 48 > > > > > > > > > > > > > > > > > > > > General: +31 (0)46 442 45 45 > > > > Servicedesk: +31 (0)46 442 50 20 > > > > > > > > <https://bctsoftware.com/> > > > > > > > > > > > > > > > > Postbus 59 > > 6130 AB Sittard > > > > Hub Dassenplein 3 > > 6131 LB Sittard > > > > www.bctsoftware.com <https://bctsoftware.com> > > BCT is business name of BCT BV > > > > > > > > [image: BCT.Community.Meetup.2024] <https://bctsoftware.com/> > > > > > > > > DISCLAIMER > > <https://www.bctsoftware.com/nl/postni/e-mail-disclaimer-english> > > > > The of the environment before printing this message. > > > > <https://www.youtube.com/BCTbv> > > > > > > > > [image: Twitter] <https://twitter.com/BCTsoftware> > > > > > > > > [image: linkedIn] <https://www.linkedin.com/company/bctsoftware> > > > > > > > > > > > Kind regards, Timo Crabbé DevOps engineer +31 (0) 6 51 52 74 48 General: +31 (0)46 442 45 45 Servicedesk: +31 (0)46 442 50 20 [cid:image001.png@01DBCE35.D3148ED0]<https://bctsoftware.com/> Postbus 59 6130 AB Sittard Hub Dassenplein 3 6131 LB Sittard www.bctsoftware.com<https://bctsoftware.com> BCT is business name of BCT BV [BCT.Community.Meetup.2024]<https://bctsoftware.com/> DISCLAIMER<https://www.bctsoftware.com/nl/postni/e-mail-disclaimer-english> The of the environment before printing this message. [cid:image004.jpg@01DBCE35.D3148ED0]<https://www.youtube.com/BCTbv> [Twitter]<https://twitter.com/BCTsoftware> [linkedIn]<https://www.linkedin.com/company/bctsoftware>
