[ 
https://issues.apache.org/jira/browse/SOLR-14440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17093992#comment-17093992
 ] 

Mike Drob commented on SOLR-14440:
----------------------------------

I _think_ we don't need to do much in the way of validation of the certificate 
here, because we already have those settings in the Jetty container. Everything 
like validating the cert chain up until a trusted source and validating the 
peer name/IP address listed in the cert should be taken care of before we even 
see the certificate?

> Provide Certificate Authentication Plugin
> -----------------------------------------
>
>                 Key: SOLR-14440
>                 URL: https://issues.apache.org/jira/browse/SOLR-14440
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Mike Drob
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> As described in [this 
> comment|https://issues.apache.org/jira/browse/SOLR-4407?focusedCommentId=14308429&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-14308429]
>  on SOLR-4407, while we support Client SSL certificates we do not have a way 
> to use them with authentication and authorization in an end-to-end fashion.
> Specifically, we don't have an easy (or any?) way to load the certificate 
> subject via a user principal into the AuthorizationContext.
> The work in SOLR-10814 would also be good here, since the subject can have 
> much more than just the CN, for example it can have locations and 
> organizational units. {{C=US, ST=California, L=San Francisco, O=Wikimedia 
> Foundation, Inc., CN=*.wikipedia.org}}



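An added example, not part of the original message or of Solr's code: splitting a certificate subject into its attributes so that more than the CN is available to authorization. It assumes the container has already validated the chain, as the comment suggests; the class and method names are hypothetical, and the subject is constructed from the one quoted in the issue.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper class, for illustration only.
public class SubjectDnExample {

    /** Maps each attribute type in the subject (C, ST, L, O, CN, ...) to its values. */
    static Map<String, List<String>> subjectAttributes(X500Principal subject)
            throws InvalidNameException {
        // The RFC 2253 form escapes special characters, so the comma inside
        // "Wikimedia Foundation, Inc." stays part of one value when parsed.
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        Map<String, List<String>> attrs = new LinkedHashMap<>();
        // getRdns() starts at the right-most RDN of the string form (C=US here).
        for (Rdn rdn : dn.getRdns()) {
            // Values of unrecognised attribute types come back as byte[]; skip them.
            // Only the first type/value pair of a multi-valued RDN is read.
            if (rdn.getValue() instanceof String) {
                attrs.computeIfAbsent(rdn.getType(), k -> new ArrayList<>())
                     .add((String) rdn.getValue());
            }
        }
        return attrs;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed subject in RFC 2253 order. In a plugin this would come from
        // X509Certificate.getSubjectX500Principal() on the client certificate.
        X500Principal subject = new X500Principal(
            "CN=*.wikipedia.org, O=Wikimedia Foundation\\, Inc., "
            + "L=San Francisco, ST=California, C=US");

        Map<String, List<String>> attrs = subjectAttributes(subject);
        System.out.println("parsed attributes: " + attrs);

        // A naive split on ',' breaks the O value into two pieces.
        String[] naive = subject.getName(X500Principal.RFC2253).split(",");
        System.out.println("RDNs parsed: " + attrs.size()
            + ", pieces from naive split: " + naive.length);
    }
}
```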