[GitHub] [solr] janhoy commented on pull request #355: SOLR-12666: Add authn & authz plugins that supports multiple authentication schemes, such as Bearer and Basic

2021-10-27 Thread GitBox
janhoy commented on pull request #355: URL: https://github.com/apache/solr/pull/355#issuecomment-953053969 > Not sure why this is a concern? Locking down endpoints to a specific role (or roles) is why we have the authorization framework. The introduction of the `MultiAuthPlugin` really has

[GitHub] [solr] janhoy commented on pull request #355: SOLR-12666: Add authn & authz plugins that supports multiple authentication schemes, such as Bearer and Basic

2021-10-21 Thread GitBox
janhoy commented on pull request #355: URL: https://github.com/apache/solr/pull/355#issuecomment-948521927 A concern with enabling BasicAuth is that it is less secure than OIDC, which has an expiry of tokens, while a password is long-lived. To mitigate this added surface area, I wonder how e