Are both clusters setup with the same Identity Provider, so the same JWT token
would be valid for both clusters?
If so, it should be (theoretically) possible to have the clusters talk to each
other, if you can get them to forward the Authorization header with the JWT.
Whoever is sending calls to /solr/express_shard1_replica_n3/cdcr will have to
make sure to forward JWT and not just rely on PKI.
PKI won’t work since the two clusters have different ZK and Solr by default
only trust PKI between nodes registered in ZK.
You could try 'forwardCredentials:true' in security.json, but I’m not sure that
is enough here. There may be code changes needed in CDCR components.
Jan
> 24. jun. 2020 kl. 19:42 skrev Phatkar, Swapnil (Contractor)
> <swapnil.phat...@transunion.com.INVALID>:
>
> Hi Team ,
>
> I am trying to configure CDCR for SOLR 8.4.1 .
> With the provided configuration I can able to replicate the indexes from
> Source server to Target server. This setup even works with SSL configuration
> using Https protocol.
> But the moment I have introduced JWT authorization by enforcing security.json
> on both the server. I got an error at Target server side as shown below.
> Due to which the index were not getting replicated at target server.
>
> ERROR :
>
> 0200623 12:29:55.956 [ERROR] {qtp892083096-82} [ ]
> [org.apache.solr.security.PKIAuthenticationPlugin, 119] |
> Could not decipher a header <SouceIp>:8983_solr
> $$$$$$$. No principal set
>
> Caused by: java.util.concurrent.ExecutionException:
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:
> Error from server at https://<TargetIP>:8983/solr/express_shard1_replica_n3:
> Expected mime type application/octet-stream but got text/html. <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 Require authentication</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/express_shard1_replica_n3/cdcr. Reason:
> <pre> Require authentication</pre></p>
> </body>
> </html>
>
>
> Caused by:
> org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException: Error
> from server at
> https://<TargetIP>:8983/solr/express_shard1_replica_n3: Expected mime type
> application/octet-stream but got text/html. <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 401 Require authentication</title>
> </head>
> <body><h2>HTTP ERROR 401</h2>
> <p>Problem accessing /solr/express_shard1_replica_n3/cdcr. Reason:
> <pre> Require authentication</pre></p>
> </body>
> </html>
>
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.executeMethod(HttpSolrClient.java:629)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:265)
> at
> org.apache.solr.client.solrj.impl.HttpSolrClient.request(HttpSolrClient.java:248)
> at
> org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1290)
> at
> org.apache.solr.handler.CdcrRequestHandler$SliceCheckpointCallable.call(CdcrRequestHandler.java:868)
> at
> org.apache.solr.handler.CdcrRequestHandler$SliceCheckpointCallable.call(CdcrRequestHandler.java:845)
>
>
> Thanks and Regards,
> Swapnil Phatkar
> 9167320216
>
