[jira] [Commented] (SOLR-7896) Add a login page for Solr Administrative Interface

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Commented] (SOLR-7896) Add a login page for Solr Administrative Interface

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15932690#comment-15932690 ]

Jan Høydahl commented on SOLR-7896:

Guess we could use this AngularJS module https://github.com/sahat/satellizer for the frontend. It uses JWT
On the Solr end we'd need to add e.g. {{/auth/login/}} endpoint to validate the login.
On the Admin UI end we'd need to add the login controller and a login screen/dialogue.
Guess we'd also need to add some kind of {{TokenAuthenticationPlugin}} which validates the {{Authorization: Bearer <token>}} header much in the same way that we have a special path to validate the {{SolrAuth}} header for PKI auth. This fellow could also take care of Single Sign on (to support user browsing away to another solr node) by securely asking the original Solr node if the token is valid.
Further, the Admin UI will on first load make a request to Solr to ask wether login will be required, and if so, pop up the dialogue immediately.

Do I miss anything here? Anyone who have experience in these things?
How do the {{/auth/login}} endpoint validate a user login in case of Kerberos/Hadoop auth? Perhaps by forwarding user with OAuth2 to some other server in the network? I'm quite blank on this..

> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI, security
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>              Labels: authentication, login, password
> Out of the box, the Solr Administrative interface should require a password that the user is required to set.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]