Please check the error message in solr.log on the server side and paste that here. Could be a bug 🕷

Jan Høydahl

> On 10 Sep 2019, at 18:51, Tyrone Tse <tyrone...@hotmail.com> wrote:
>
> Jan using https://mkjwk.org/
> I generated the following JWK
>
> {
>
> "kty": "oct",
> "use": "sig",
> "kid": "solr",
> "k":
> "pIpVnjhuAj9DBg8e2lwya7o_uZMM3Wqo2eK0uchOza0vBS-orZNYTkLcHTLXF9JaCBR08tWfFEWVPENF6sXKuaj8Mn65Kc3QUmS-csblVvjj69dXk2Mi-Zs2iDDM3QyyvdiyRpfxE-xKwwjhU47xs7M0Dq69I1UE5nrFkczLf9qe3b47ha3eBQDm1_zg8EVwxadJ7gfQ97jn2MtT6hHrts9YD6_Z_heAdYC2QYjBBIdEXzZgHSKqmPNNhDvAChF9AfmNiUlfAG_g0jMMLKYEUv6ck3KJA6A1JBq1iEstjvF7hchFgdgyVRCR5P8UM6n6Hb0YrHjjANyEYIZD9mFfBQ",
> "alg": "HS256"
> }
>
> So I put the generated JWK into my solr server security.json file like this
>
> {
> "authentication": {
> "class":"solr.JWTAuthPlugin",
> "blockUnknown": true,
> "jwk" : {
> "kty": "oct",
> "use": "sig",
> "kid": "solr",
> "k":
> "pIpVnjhuAj9DBg8e2lwya7o_uZMM3Wqo2eK0uchOza0vBS-orZNYTkLcHTLXF9JaCBR08tWfFEWVPENF6sXKuaj8Mn65Kc3QUmS-csblVvjj69dXk2Mi-Zs2iDDM3QyyvdiyRpfxE-xKwwjhU47xs7M0Dq69I1UE5nrFkczLf9qe3b47ha3eBQDm1_zg8EVwxadJ7gfQ97jn2MtT6hHrts9YD6_Z_heAdYC2QYjBBIdEXzZgHSKqmPNNhDvAChF9AfmNiUlfAG_g0jMMLKYEUv6ck3KJA6A1JBq1iEstjvF7hchFgdgyVRCR5P8UM6n6Hb0YrHjjANyEYIZD9mFfBQ",
> "alg": "HS256"
> }
> }
> }
>
> Then I went to https://jwt.io/ to generate the JWT using the value of
> "k":
> "pIpVnjhuAj9DBg8e2lwya7o_uZMM3Wqo2eK0uchOza0vBS-orZNYTkLcHTLXF9JaCBR08tWfFEWVPENF6sXKuaj8Mn65Kc3QUmS-csblVvjj69dXk2Mi-Zs2iDDM3QyyvdiyRpfxE-xKwwjhU47xs7M0Dq69I1UE5nrFkczLf9qe3b47ha3eBQDm1_zg8EVwxadJ7gfQ97jn2MtT6hHrts9YD6_Z_heAdYC2QYjBBIdEXzZgHSKqmPNNhDvAChF9AfmNiUlfAG_g0jMMLKYEUv6ck3KJA6A1JBq1iEstjvF7hchFgdgyVRCR5P8UM6n6Hb0YrHjjANyEYIZD9mFfBQ",
>
> for the secret key
>
> My JWT header
> {
> "alg": "HS256",
> "typ": "JWT"
> }
>
> Payload
>
> {
> "sub": "1234567890",
> "name": "John Doe",
> "iat": 1516239022
> }
>
> Secret key
> pIpVnjhuAj9DBg8e2lwya7o_uZMM3Wqo2eK0uchOza0vBS-orZNYTkLcHTLXF9JaCBR08tWfFEWVPENF6sXKuaj8Mn65Kc3QUmS-csblVvjj69dXk2Mi-Zs2iDDM3QyyvdiyRpfxE-xKwwjhU47xs7M0Dq69I1UE5nrFkczLf9qe3b47ha3eBQDm1_zg8EVwxadJ7gfQ97jn2MtT6hHrts9YD6_Z_heAdYC2QYjBBIdEXzZgHSKqmPNNhDvAChF9AfmNiUlfAG_g0jMMLKYEUv6ck3KJA6A1JBq1iEstjvF7hchFgdgyVRCR5P8UM6n6Hb0YrHjjANyEYIZD9mFfBQ
>
> Which generates the following encoded JWT
> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.ZdtjglSME79nlq5HJs0bUYiFkSlDKytKS07IMWz9o44
>
> So I then tried to use the JWT encoded value in a curl command to Solr
> as follows
>
> curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.ZdtjglSME79nlq5HJs0bUYiFkSlDKytKS07IMWz9o44" http://localhost:8983/solr/admin/info/system
>
> I get the error message
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 JWT validation failed</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/admin/info/system. Reason:
> <pre> JWT validation failed</pre></p>
> </body>
> </html>
>
> Am I missing something in my security.json file?
>
>> On Tue, Sep 10, 2019 at 5:30 AM Jan Høydahl <jan....@cominvent.com> wrote:
>>
>> I think you are confusing JWK with the JWT token. JWK is only for defining
>> the key, see https://mkjwk.org for an online JWK generator, you can
>> choose HS256 as algorithm. Put the generated JWK in Solr's config and also
>> use the generated key to sign your JWT. Then Solr should be able to
>> validate the JWT.
>>
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>>
>>> On 10 Sep 2019, at 01:21, Tyrone <tyrone....@gmail.com> wrote:
>>>
>>> Jan
>>>
>>> Can my jwk object be something like
>>>
>>> {"alg": "HS256", "typ": "JWT",
>>>
>>> "sub": "1234567890", "name": "John Doe", "iat": 1516239022,
>>>
>>> "k" : "secret-key"}
>>>
>>> Where k is the JWT secret key?
>>>
>>> Sent from my iPhone
>>>
>>>> On Sep 9, 2019, at 1:48 AM, Jan Høydahl <jan....@cominvent.com> wrote:
>>>>
>>>> In your security.json, add a JWK matching your signing algorithm, using the “jwk” JSON key.
>>>>
>>>> Example:
>>>> "jwk" : { "kty" : "oct", "kid" : "0afee142-a0af-4410-abcc-9f2d44ff45b5", "alg" : "HS256", "k" : "FdFYFzERwC2uCBB46pZQi4GG85LujR8obt-KWRBICVQ" }
>>>>
>>>> Of course you need to find a way to encode your particular secret in
>>>> jwk format, there should be plenty of tools available for that. If you
>>>> intend to use symmetric key in prod you have to configure solr so that
>>>> security.json is not readable for anyone but the admin!
>>>>
>>>> Jan Høydahl
>>>>
>>>>> On 9 Sep 2019, at 05:46, Tyrone <tyrone....@gmail.com> wrote:
>>>>>
>>>>> HS256
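
Added example, not part of the thread and not Solr's code: under RFC 7518 the `k` member of an `oct` JWK is the base64url encoding of the key bytes, so a signing tool that is given the `k` text as a plain secret uses a different HMAC key than a verifier that decodes it first. The sketch below reports which reading of `k` a given HS256 token was signed with; the sample JWK, claims and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(s: str) -> bytes:
    # JWTs and JWKs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT over the given claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def matching_key_form(token: str, jwk: dict) -> str:
    """Return which reading of jwk["k"] reproduces the token's signature."""
    signing_input, _, sig_b64 = token.rpartition(".")
    sig = b64url_decode(sig_b64)
    candidates = {
        "decoded": b64url_decode(jwk["k"]),      # RFC 7518 reading of an "oct" key
        "raw-string": jwk["k"].encode("ascii"),  # k pasted as a plain-text secret
    }
    for name, key in candidates.items():
        expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
        if hmac.compare_digest(expected, sig):
            return name
    return "none"

# Constructed sample data (not the key from the thread).
SAMPLE_JWK = {"kty": "oct", "alg": "HS256", "kid": "example",
              "k": b64url_encode(b"constructed-demo-key-32-bytes!!!")}
CLAIMS = {"sub": "1234567890", "name": "John Doe", "iat": 1516239022}

if __name__ == "__main__":
    signed_decoded = sign_hs256(CLAIMS, b64url_decode(SAMPLE_JWK["k"]))
    signed_raw = sign_hs256(CLAIMS, SAMPLE_JWK["k"].encode("ascii"))
    print(matching_key_form(signed_decoded, SAMPLE_JWK))
    print(matching_key_form(signed_raw, SAMPLE_JWK))
```

Running `matching_key_form` on a real token and the JWK from security.json shows whether the signer and the configured key agree before looking further in solr.log.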