Good morning,

While trying to migrate from SOLR 9 to 10 using the official Docker images,
I noticed that authentication using SSL certificates did not work anymore.
I was using SOLR_SSL_NEED_CLIENT_AUTH, and the connection at the SSL level
does work and is established. I found out that the request attribute
that carries the client cert is not
"javax.servlet.request.X509Certificate" anymore in jetty-12, which is used
in the official SOLR Docker image: it
became "jakarta.servlet.request.X509Certificate". I tested the attribute
change by building SOLR and the Docker image from source: it worked. So I
guess it might be good to change it, or to add a parameter to be able to
configure the lookup attribute in security.json.
Can someone have a look?

Besides that, I also tried the CertAuthPlugin User Principal Extraction,
and noticed something strange with the "subject.dn" path: the order of the
components in the Distinguished Name was not the same as with the default
method. In detail:
- openssl x509 -text outputs O, OU and then CN for the SSL certificate
- CertAuthPlugin.DEFAULT_PRINCIPAL_RESOLVER gives CN, OU, O
- Extraction with "subject.dn" gives CN, O, OU
I assume the Role Based Authorization Plugin uses the principal extraction
as a string, so the order of the elements does matter. However, I haven't
investigated this behavior further yet.

Thanks

Jean-Marie Heitz
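
Added example, not part of the original message and not Solr's own code: a JDK-only diagnostic that flags a principal string carrying the same DN components as a configured one but in a different order, which is the situation the three orderings above would create for a role mapping keyed on the exact string. The DN values, the `configured` principal and the class and method names are constructed for illustration; single-valued RDNs are assumed.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

public class DnOrderCheck {
    // Sorted "TYPE=value" list, so two DNs can be compared regardless of component order.
    // Diagnostic use only: RDN order is significant in a DN, so this is not an identity check.
    static List<String> sortedRdns(String dn) throws InvalidNameException {
        List<String> out = new ArrayList<>();
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            out.add(rdn.getType().toUpperCase(Locale.ROOT) + "=" + rdn.getValue());
        }
        Collections.sort(out);
        return out;
    }

    // True when both strings carry the same components but are not the same string:
    // the case where a mapping keyed on the exact principal string stops matching.
    static boolean sameComponentsDifferentString(String a, String b)
            throws InvalidNameException {
        return !a.equals(b) && sortedRdns(a).equals(sortedRdns(b));
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values mirroring the three orderings reported above.
        String opensslOrder = "O=Example Org,OU=Search,CN=solr-client";
        String defaultResolver = "CN=solr-client,OU=Search,O=Example Org";
        String subjectDnPath = "CN=solr-client,O=Example Org,OU=Search";
        // Hypothetical principal string that a role mapping was written against.
        String configured = defaultResolver;

        for (String seen : List.of(opensslOrder, defaultResolver, subjectDnPath)) {
            String verdict = seen.equals(configured) ? "exact match"
                    : sameComponentsDifferentString(seen, configured) ? "ORDER MISMATCH"
                    : "different subject";
            System.out.printf("%-45s %s%n", seen, verdict);
        }
    }
}
```

Running it against the principal strings actually logged after an upgrade shows which entries differ only by component order before any role mapping is edited.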
