[
https://issues.apache.org/jira/browse/SOLR-12666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl updated SOLR-12666:
-------------------------------
Description:
Solr is getting support for more authentication plugins year by year, and
customers have developed their own in-house plugins as well.
At the same time we see more and more JIRAs to add *BasicAuth* support to
various Solr clients such as SOLR-12584 (Solr Exporter), SOLR-9779 (Streaming
expressions), SOLR-11356 (ConcurrentUpdateSolrClient), SOLR-8213 (JDBC),
SOLR-12583 (Subquery docTransformer) and SOLR-10322 (Streaming expression
daemon), SOLR-12526 (metrics history), SOLR-11759
(DocExpirationUpdateProcessor), SOLR-11959 (CDCR) and probably more.
Currently the framework supports *only one active Auth method* (except PKI
which is special). Which means that if you use something else than BasicAuth,
you're lucky if you get any of the above features to work with your cluster.
Even the AdminUI only supports BasicAuth (implicit via browser).
I think the solution is to allow more than one auth plugin to be active at the
same time, allowing people to use their custom fancy auth which is tightly
integrated with their environment, and at the same time activate BasicAuth for
use with other clients that do not support the primary auth method.
was:
Solr is getting support for more authentication plugins year by year, and
customers have developed their own in-house plugins as well.
At the same time we see more and more requests to add *BasicAuth* support to
various Solr clients such as SOLR-12584 (Solr Exporter), SOLR-9779 (Streaming
expressions), SOLR-11356 (ConcurrentUpdateSolrClient), SOLR-8213 (JDBC),
SOLR-12583 (Subquery docTransformer) and SOLR-10322 (Streaming expression
daemon).
Currently the framework supports *only one active Auth method* (except PKI
which is special). Which means that if you use something else than BasicAuth,
you're lucky if you get any of the above features to work with your cluster.
Even the AdminUI only supports BasicAuth (implicit via browser).
I think the solution is to allow more than one auth plugin to be active at the
same time, allowing people to use their custom fancy auth which is tightly
integrated with their environment, and at the same time activate BasicAuth for
use with other clients that do not support the primary auth method.
> Support multiple AuthenticationPlugin's simultaneoulsy
> ------------------------------------------------------
>
> Key: SOLR-12666
> URL: https://issues.apache.org/jira/browse/SOLR-12666
> Project: Solr
> Issue Type: New Feature
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Authentication, security
> Reporter: Jan Høydahl
> Priority: Major
> Labels: authentication
>
> Solr is getting support for more authentication plugins year by year, and
> customers have developed their own in-house plugins as well.
> At the same time we see more and more JIRAs to add *BasicAuth* support to
> various Solr clients such as SOLR-12584 (Solr Exporter), SOLR-9779 (Streaming
> expressions), SOLR-11356 (ConcurrentUpdateSolrClient), SOLR-8213 (JDBC),
> SOLR-12583 (Subquery docTransformer) and SOLR-10322 (Streaming expression
> daemon), SOLR-12526 (metrics history), SOLR-11759
> (DocExpirationUpdateProcessor), SOLR-11959 (CDCR) and probably more.
> Currently the framework supports *only one active Auth method* (except PKI
> which is special). Which means that if you use something else than BasicAuth,
> you're lucky if you get any of the above features to work with your cluster.
> Even the AdminUI only supports BasicAuth (implicit via browser).
> I think the solution is to allow more than one auth plugin to be active at
> the same time, allowing people to use their custom fancy auth which is
> tightly integrated with their environment, and at the same time activate
> BasicAuth for use with other clients that do not support the primary auth
> method.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
