[
https://issues.apache.org/jira/browse/SOLR-13071?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17294868#comment-17294868
]
Jan Høydahl commented on SOLR-13071:
------------------------------------
To avoid adding token to solr.in.sh you can use same technique as basicAuth,
see
https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/util/SolrCLI.java#L4017:L4033
and
https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/util/SolrCLI.java#L4120:L4123
So you can add the token to a separate file readable only to Solr and add to
solr.in.sh
{code:java}
SOLR_AUTH_TYPE=token
SOLR_AUTHENTICATION_OPTS=-Dsolr.auth.jwt.tokenFile=/path/to/tokenfile
{code}
> Add JWT Auth support in bin/solr
> --------------------------------
>
> Key: SOLR-13071
> URL: https://issues.apache.org/jira/browse/SOLR-13071
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
> Reporter: Jan Høydahl
> Priority: Major
>
> Once SOLR-12121 gets in, we should add support to {{bin/solr}} start scripts
> so they can authenticate with Solr using a JWT token. A preferred way would
> perhaps be through {{solr.in.sh}} and add new
> {noformat}
> SOLR_AUTH_TYPE=token
> SOLR_AUTHENTICATION_OPTS=-DjwtToken=....
> {noformat}
> A disadvantage with this method is that the user needs to know how to obtain
> the token, and the token needs to be long-lived. A more sophisticated way
> would be a {{bin/solr auth login}} command that opens a browser window with
> the IDP login screen and saves the short-lived access token and optionally
> refresh token, in the file system.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
