Facing jwt authentication problem using solr 8.1.1

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Facing jwt authentication problem using solr 8.1.1

Lakhan Gupta
Hi,

Using solr 8.1.1 version and facing problem while enabling jwt authentication in solr. Jwt authentication is working fine after configuring security.json file. Below is the configuration I am using for enabling jwt authentication.

Security.json

{
  "authentication":{
               "blockUnknown": false,
    "class":"solr.JWTAuthPlugin",
               "jwk":{
      "kty":"oct",
      "use":"sig",
      "kid":"k1",
      "k":"7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",
      "alg":"HS256"},
    "aud":"solr"},
               "authorization":{
      "class":"solr.RuleBasedAuthorizationPlugin",
      "permissions":[
                              {
            "name":"all",
                                             "path":"/*",
            "role":"admin"
         }
      ],
      "user-role":{
         "solr":"admin"
      }
   }
}

Using secret key
7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79

Jwt token is generated:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZCIsImF1ZCI6InNvbHIiLCJleHAiOjk5MTYyMzkwMjJ9.M4PksJTJ9gFjOlvvFmG1eDSyXDtKIRSGIYicIW9hwT4

Below header and payload I'm using for generate jwt token :

The header is
{
  "alg": "HS256",
  "typ": "JWT"
}

and the payload is

{
  "sub": "admin",
  "aud": "Solr",
  "exp": 9916239022
}

With above configuration my jwt authentication is working fine. But there is a problem when request is sent without authentication in header the api still retrieving data. I want to prevent it when request come without authentication header.

For that, I've enabled blockUnknown parameter in security.json file. That works fine and authentication request is required. But, after enabling blockunknown  parameter I am facing below exception while starting solr using solr start command.


ERROR: Solr requires authentication for http://localhost:8983/solr/admin/info/system. Please supply valid credentials. HTTP code=401

I've googled a lot and find out

solr/admin/info/system endpoint required authentication.

How to authenticate solr/admin/info/system endpoint while startup solr?

Need urgent help. I'd appreciate if someone can help me.

Thanks
Lakhan Gupta



The information in this email is confidential and may be legally privileged. It is intended solely for the addressee and access to it by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken based on it, is strictly prohibited and may be unlawful.
Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

Jan Høydahl / Cominvent
Try something like this https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7 <https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7>

The trick is to «whitelist» certain paths that will not require auth, but then further down add rules to block all other paths either as admin role or with special role *»* which means «any authenticated user».

Jan

> 12. des. 2019 kl. 07:47 skrev Lakhan Gupta <[hidden email]>:
>
> Hi,
>
> Using solr 8.1.1 version and facing problem while enabling jwt authentication in solr. Jwt authentication is working fine after configuring security.json file. Below is the configuration I am using for enabling jwt authentication.
>
> Security.json
>
> {
>  "authentication":{
>               "blockUnknown": false,
>    "class":"solr.JWTAuthPlugin",
>               "jwk":{
>      "kty":"oct",
>      "use":"sig",
>      "kid":"k1",
>      "k":"7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",
>      "alg":"HS256"},
>    "aud":"solr"},
>               "authorization":{
>      "class":"solr.RuleBasedAuthorizationPlugin",
>      "permissions":[
>                              {
>            "name":"all",
>                                             "path":"/*",
>            "role":"admin"
>         }
>      ],
>      "user-role":{
>         "solr":"admin"
>      }
>   }
> }
>
> Using secret key
> 7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79
>
> Jwt token is generated:
> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZCIsImF1ZCI6InNvbHIiLCJleHAiOjk5MTYyMzkwMjJ9.M4PksJTJ9gFjOlvvFmG1eDSyXDtKIRSGIYicIW9hwT4
>
> Below header and payload I'm using for generate jwt token :
>
> The header is
> {
>  "alg": "HS256",
>  "typ": "JWT"
> }
>
> and the payload is
>
> {
>  "sub": "admin",
>  "aud": "Solr",
>  "exp": 9916239022
> }
>
> With above configuration my jwt authentication is working fine. But there is a problem when request is sent without authentication in header the api still retrieving data. I want to prevent it when request come without authentication header.
>
> For that, I've enabled blockUnknown parameter in security.json file. That works fine and authentication request is required. But, after enabling blockunknown  parameter I am facing below exception while starting solr using solr start command.
>
>
> ERROR: Solr requires authentication for http://localhost:8983/solr/admin/info/system. Please supply valid credentials. HTTP code=401
>
> I've googled a lot and find out
>
> solr/admin/info/system endpoint required authentication.
>
> How to authenticate solr/admin/info/system endpoint while startup solr?
>
> Need urgent help. I'd appreciate if someone can help me.
>
> Thanks
> Lakhan Gupta
>
>
>
> The information in this email is confidential and may be legally privileged. It is intended solely for the addressee and access to it by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken based on it, is strictly prohibited and may be unlawful.

Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

Jason Gerlowski
Hey Jan,

Is this a case of something that'd be fixed by
https://issues.apache.org/jira/browse/SOLR-13071 ?

Just wondering

Best,
Jason

On Thu, Dec 12, 2019 at 5:43 PM Jan Høydahl <[hidden email]> wrote:

>
> Try something like this https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7 <https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7>
>
> The trick is to «whitelist» certain paths that will not require auth, but then further down add rules to block all other paths either as admin role or with special role *»* which means «any authenticated user».
>
> Jan
>
> > 12. des. 2019 kl. 07:47 skrev Lakhan Gupta <[hidden email]>:
> >
> > Hi,
> >
> > Using solr 8.1.1 version and facing problem while enabling jwt authentication in solr. Jwt authentication is working fine after configuring security.json file. Below is the configuration I am using for enabling jwt authentication.
> >
> > Security.json
> >
> > {
> >  "authentication":{
> >               "blockUnknown": false,
> >    "class":"solr.JWTAuthPlugin",
> >               "jwk":{
> >      "kty":"oct",
> >      "use":"sig",
> >      "kid":"k1",
> >      "k":"7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",
> >      "alg":"HS256"},
> >    "aud":"solr"},
> >               "authorization":{
> >      "class":"solr.RuleBasedAuthorizationPlugin",
> >      "permissions":[
> >                              {
> >            "name":"all",
> >                                             "path":"/*",
> >            "role":"admin"
> >         }
> >      ],
> >      "user-role":{
> >         "solr":"admin"
> >      }
> >   }
> > }
> >
> > Using secret key
> > 7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79
> >
> > Jwt token is generated:
> > eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZCIsImF1ZCI6InNvbHIiLCJleHAiOjk5MTYyMzkwMjJ9.M4PksJTJ9gFjOlvvFmG1eDSyXDtKIRSGIYicIW9hwT4
> >
> > Below header and payload I'm using for generate jwt token :
> >
> > The header is
> > {
> >  "alg": "HS256",
> >  "typ": "JWT"
> > }
> >
> > and the payload is
> >
> > {
> >  "sub": "admin",
> >  "aud": "Solr",
> >  "exp": 9916239022
> > }
> >
> > With above configuration my jwt authentication is working fine. But there is a problem when request is sent without authentication in header the api still retrieving data. I want to prevent it when request come without authentication header.
> >
> > For that, I've enabled blockUnknown parameter in security.json file. That works fine and authentication request is required. But, after enabling blockunknown  parameter I am facing below exception while starting solr using solr start command.
> >
> >
> > ERROR: Solr requires authentication for http://localhost:8983/solr/admin/info/system. Please supply valid credentials. HTTP code=401
> >
> > I've googled a lot and find out
> >
> > solr/admin/info/system endpoint required authentication.
> >
> > How to authenticate solr/admin/info/system endpoint while startup solr?
> >
> > Need urgent help. I'd appreciate if someone can help me.
> >
> > Thanks
> > Lakhan Gupta
> >
> >
> >
> > The information in this email is confidential and may be legally privileged. It is intended solely for the addressee and access to it by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken based on it, is strictly prohibited and may be unlawful.
>
Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

Jan Høydahl / Cominvent
No, I doubt that bin/solr support would do more than just wire in a simple initial JWT config, with some default Rule-based config.

Jan

> 17. des. 2019 kl. 16:42 skrev Jason Gerlowski <[hidden email]>:
>
> Hey Jan,
>
> Is this a case of something that'd be fixed by
> https://issues.apache.org/jira/browse/SOLR-13071 ?
>
> Just wondering
>
> Best,
> Jason
>
> On Thu, Dec 12, 2019 at 5:43 PM Jan Høydahl <[hidden email]> wrote:
>>
>> Try something like this https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7 <https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7>
>>
>> The trick is to «whitelist» certain paths that will not require auth, but then further down add rules to block all other paths either as admin role or with special role *»* which means «any authenticated user».
>>
>> Jan
>>
>>> 12. des. 2019 kl. 07:47 skrev Lakhan Gupta <[hidden email]>:
>>>
>>> Hi,
>>>
>>> Using solr 8.1.1 version and facing problem while enabling jwt authentication in solr. Jwt authentication is working fine after configuring security.json file. Below is the configuration I am using for enabling jwt authentication.
>>>
>>> Security.json
>>>
>>> {
>>> "authentication":{
>>>              "blockUnknown": false,
>>>   "class":"solr.JWTAuthPlugin",
>>>              "jwk":{
>>>     "kty":"oct",
>>>     "use":"sig",
>>>     "kid":"k1",
>>>     "k":"7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",
>>>     "alg":"HS256"},
>>>   "aud":"solr"},
>>>              "authorization":{
>>>     "class":"solr.RuleBasedAuthorizationPlugin",
>>>     "permissions":[
>>>                             {
>>>           "name":"all",
>>>                                            "path":"/*",
>>>           "role":"admin"
>>>        }
>>>     ],
>>>     "user-role":{
>>>        "solr":"admin"
>>>     }
>>>  }
>>> }
>>>
>>> Using secret key
>>> 7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79
>>>
>>> Jwt token is generated:
>>> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZCIsImF1ZCI6InNvbHIiLCJleHAiOjk5MTYyMzkwMjJ9.M4PksJTJ9gFjOlvvFmG1eDSyXDtKIRSGIYicIW9hwT4
>>>
>>> Below header and payload I'm using for generate jwt token :
>>>
>>> The header is
>>> {
>>> "alg": "HS256",
>>> "typ": "JWT"
>>> }
>>>
>>> and the payload is
>>>
>>> {
>>> "sub": "admin",
>>> "aud": "Solr",
>>> "exp": 9916239022
>>> }
>>>
>>> With above configuration my jwt authentication is working fine. But there is a problem when request is sent without authentication in header the api still retrieving data. I want to prevent it when request come without authentication header.
>>>
>>> For that, I've enabled blockUnknown parameter in security.json file. That works fine and authentication request is required. But, after enabling blockunknown  parameter I am facing below exception while starting solr using solr start command.
>>>
>>>
>>> ERROR: Solr requires authentication for http://localhost:8983/solr/admin/info/system. Please supply valid credentials. HTTP code=401
>>>
>>> I've googled a lot and find out
>>>
>>> solr/admin/info/system endpoint required authentication.
>>>
>>> How to authenticate solr/admin/info/system endpoint while startup solr?
>>>
>>> Need urgent help. I'd appreciate if someone can help me.
>>>
>>> Thanks
>>> Lakhan Gupta
>>>
>>>
>>>
>>> The information in this email is confidential and may be legally privileged. It is intended solely for the addressee and access to it by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken based on it, is strictly prohibited and may be unlawful.
>>

Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

Jason Gerlowski
Oh, ok.

From the user's error message it looked to me like bin/solr was making
an admin/info/system call from bash, but it must be something else.

On Fri, Dec 20, 2019 at 6:28 AM Jan Høydahl <[hidden email]> wrote:

>
> No, I doubt that bin/solr support would do more than just wire in a simple initial JWT config, with some default Rule-based config.
>
> Jan
>
> > 17. des. 2019 kl. 16:42 skrev Jason Gerlowski <[hidden email]>:
> >
> > Hey Jan,
> >
> > Is this a case of something that'd be fixed by
> > https://issues.apache.org/jira/browse/SOLR-13071 ?
> >
> > Just wondering
> >
> > Best,
> > Jason
> >
> > On Thu, Dec 12, 2019 at 5:43 PM Jan Høydahl <[hidden email]> wrote:
> >>
> >> Try something like this https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7 <https://gist.github.com/b330e1bea7842bcdc1e5fa3940b4a4f7>
> >>
> >> The trick is to «whitelist» certain paths that will not require auth, but then further down add rules to block all other paths either as admin role or with special role *»* which means «any authenticated user».
> >>
> >> Jan
> >>
> >>> 12. des. 2019 kl. 07:47 skrev Lakhan Gupta <[hidden email]>:
> >>>
> >>> Hi,
> >>>
> >>> Using solr 8.1.1 version and facing problem while enabling jwt authentication in solr. Jwt authentication is working fine after configuring security.json file. Below is the configuration I am using for enabling jwt authentication.
> >>>
> >>> Security.json
> >>>
> >>> {
> >>> "authentication":{
> >>>              "blockUnknown": false,
> >>>   "class":"solr.JWTAuthPlugin",
> >>>              "jwk":{
> >>>     "kty":"oct",
> >>>     "use":"sig",
> >>>     "kid":"k1",
> >>>     "k":"7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79",
> >>>     "alg":"HS256"},
> >>>   "aud":"solr"},
> >>>              "authorization":{
> >>>     "class":"solr.RuleBasedAuthorizationPlugin",
> >>>     "permissions":[
> >>>                             {
> >>>           "name":"all",
> >>>                                            "path":"/*",
> >>>           "role":"admin"
> >>>        }
> >>>     ],
> >>>     "user-role":{
> >>>        "solr":"admin"
> >>>     }
> >>>  }
> >>> }
> >>>
> >>> Using secret key
> >>> 7A02618BE6943C22FD81CAB9F6FCF063B6E1732C3614BC3ACA6032B6B3215CAF0D28A34FD423423CA3AC34BEA27D3F79
> >>>
> >>> Jwt token is generated:
> >>> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZCIsImF1ZCI6InNvbHIiLCJleHAiOjk5MTYyMzkwMjJ9.M4PksJTJ9gFjOlvvFmG1eDSyXDtKIRSGIYicIW9hwT4
> >>>
> >>> Below header and payload I'm using for generate jwt token :
> >>>
> >>> The header is
> >>> {
> >>> "alg": "HS256",
> >>> "typ": "JWT"
> >>> }
> >>>
> >>> and the payload is
> >>>
> >>> {
> >>> "sub": "admin",
> >>> "aud": "Solr",
> >>> "exp": 9916239022
> >>> }
> >>>
> >>> With above configuration my jwt authentication is working fine. But there is a problem when request is sent without authentication in header the api still retrieving data. I want to prevent it when request come without authentication header.
> >>>
> >>> For that, I've enabled blockUnknown parameter in security.json file. That works fine and authentication request is required. But, after enabling blockunknown  parameter I am facing below exception while starting solr using solr start command.
> >>>
> >>>
> >>> ERROR: Solr requires authentication for http://localhost:8983/solr/admin/info/system. Please supply valid credentials. HTTP code=401
> >>>
> >>> I've googled a lot and find out
> >>>
> >>> solr/admin/info/system endpoint required authentication.
> >>>
> >>> How to authenticate solr/admin/info/system endpoint while startup solr?
> >>>
> >>> Need urgent help. I'd appreciate if someone can help me.
> >>>
> >>> Thanks
> >>> Lakhan Gupta
> >>>
> >>>
> >>>
> >>> The information in this email is confidential and may be legally privileged. It is intended solely for the addressee and access to it by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken based on it, is strictly prohibited and may be unlawful.
> >>
>
Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

lakshgupta29
This post was updated on .
In reply to this post by Jan Høydahl / Cominvent
Hi Jan,

Thanks for your quick response. The above issue has resolved now API's are
secured with JWT token with set authorized permissions.
Unfortunately , I'm stuck in solr admin UI dashboard.

I want to enable security with login screen to authenticate username and password in Admin UI Dashboard here. Could you please provide your inputs?

PS : Can i use basic authentication along with JWT authentication?  


Thanks!
Lakhan Gupta



--
Sent from: https://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

Jan Høydahl / Cominvent
In reply to this post by Lakhan Gupta
There is support for OpenID connect login from Admin. Just point it to your IDP’s endpoint and Solr will redirect you to your IdP for logging in. The IdP will pass the JWT token to your browser.

If you manually generate your JWT tokens and do not have an IdP server it’s not that easy. What do you currently see in the login screen?

Jan Høydahl

> 29. des. 2019 kl. 11:44 skrev lakshgupta29 <[hidden email]>:
>
> Thanks for your quick response.
>
> Is there any way to secure my Admin UI Dashboard as well as API's using JWT
> token machanism.
>
> Thanks
>
>
>
> --
> Sent from: https://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

lakshgupta29
Currently, I am seeing the below image

<https://lucene.472066.n3.nabble.com/file/t495331/solr-login.png>

Jan, Could you please provide steps to create own IdP server or any
reference on the internet. I'd really appreciate that.

Thanks!



--
Sent from: https://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

Jan Høydahl / Cominvent
Hi

Explaining what OpenID or Idenity servers are is a bit outside the scope here :)
Encourage you to read up on the subject[1] and try out one of the free IdP providers online[2]
to test things out, then decide whether you want to install your own IdP in-house.

[1] https://en.wikipedia.org/wiki/OpenID_Connect <https://en.wikipedia.org/wiki/OpenID_Connect>
[2] https://auth0.com <https://auth0.com/>, https://www.okta.com <https://www.okta.com/> and many others

Jan

> 30. des. 2019 kl. 13:03 skrev lakshgupta29 <[hidden email]>:
>
> Currently, I am seeing the below image
>
> <https://lucene.472066.n3.nabble.com/file/t495331/solr-login.png>
>
> Jan, Could you please provide steps to create own IdP server or any
> reference on the internet. I'd really appreciate that.
>
> Thanks!
>
>
>
> --
> Sent from: https://lucene.472066.n3.nabble.com/Solr-User-f472068.html

Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

lakshgupta29
Can i use GitHub Provider authentication for admin UI support.



--
Sent from: https://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

Jan Høydahl / Cominvent
Don’t think so - you need to register Solr as a client with your IdP according to the docs.

Jan

> 2. jan. 2020 kl. 13:01 skrev lakshgupta29 <[hidden email]>:
>
> Can i use GitHub Provider authentication for admin UI support.
>
>
>
> --
> Sent from: https://lucene.472066.n3.nabble.com/Solr-User-f472068.html

Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

lakshgupta29
Hi Jan,

I've used Auth2.0 provider for admin UI Dashboard authentication. I've
passed IdP endpoint and client id as per the provider details. It's logging
in my dashboard successfully, not able to authenticate API,
getting below exception.

o.a.s.s.SolrLogAuditLoggerPlugin type="REJECTED" message="Rejected"
method="GET" status="401" requestType="UNKNOWN" username="null"
resource="/solr" queryString="_=1578034784015&wt=json" collections=null

As above exception, username is "null".

Could you please help out?

Please find the screenshot after provider authentication.
<https://lucene.472066.n3.nabble.com/file/t495331/solr-authentication.png>




--
Sent from: https://lucene.472066.n3.nabble.com/Solr-User-f472068.html
Reply | Threaded
Open this post in threaded view
|

Re: Facing jwt authentication problem using solr 8.1.1

Jan Høydahl / Cominvent
As I said, I don’t think you will be successful with a public OAuth provider like google or GitHub.
I know little about how or whether they issue access tokens at all. I think they just deal with ID tokens?

Jan

> 3. jan. 2020 kl. 08:07 skrev lakshgupta29 <[hidden email]>:
>
> Hi Jan,
>
> I've used Auth2.0 provider for admin UI Dashboard authentication. I've
> passed IdP endpoint and client id as per the provider details. It's logging
> in my dashboard successfully, not able to authenticate API,
> getting below exception.
>
> o.a.s.s.SolrLogAuditLoggerPlugin type="REJECTED" message="Rejected"
> method="GET" status="401" requestType="UNKNOWN" username="null"
> resource="/solr" queryString="_=1578034784015&wt=json" collections=null
>
> As above exception, username is "null".
>
> Could you please help out?
>
> Please find the screenshot after provider authentication.
> <https://lucene.472066.n3.nabble.com/file/t495331/solr-authentication.png>
>
>
>
>
> --
> Sent from: https://lucene.472066.n3.nabble.com/Solr-User-f472068.html