Hi
Can you take a screenshot of the 401 error page you see (without login form)?
Also, perhaps you could do a curl -I (show headers) request to your Solr and
show what headers that Solr returns instead of the www-authenticate header?
Jan
> 23. mar. 2019 kl. 15:34 skrev a...@sigil.red:
>
> Hi
>
> SOLR-7896 made some changes to the admin ui login. After the changes I can no
> longer log in at all.
>
> I'm running standalone solr 7.7 (same with 8.0) with the following
> security.json:
>
>> {
>> "authentication": {
>> "class": "solr.BasicAuthPlugin",
>> "blockUnknown": true,
>> "credentials": {
>> "solr": "<hash for empty password string>"
>> },
>> },
>> "authorization": {
>> "class": "solr.RuleBasedAuthorizationPlugin",
>> "permissions": [
>> {
>> "name": "all",
>> "role": "admin"
>> }
>> ],
>> "user-role": {
>> "solr": "admin"
>> }
>> }
>> }
>
> Opening the UI at http://localhost:8080/solr/ shows an error page with 401.
> The login page is not displayed because of the "all" permission being
> required. The browser's basic auth popup is not shown because the
> WWW-Authenticate header is not present. Changing the
> RuleBasedAuthorizationPlugin required permission from "all" to
> "security-edit" makes the login page appear.
>
> The above basic auth + "all" permission was working ok with solr 7.5, but no
> longer works with 7.7+. Is this behaviour intended and/or documented?
>
> Another issue is with using empty password strings. This used to work with
> the browser's native basic auth, but not by the login page ("Password is
> required" error). Is there some way to use an empty password with the login
> page? If not, is there a way to continue using the browser's native basic
> auth?
>
> Best regards
>
