Accessing Solr 9 with Certificate Authentication Plugin fails
I am currently working on setting up a new Solr 9 (9.2 to be exact) cluster. As of now I have 2 Solr nodes, one external ZooKeeper and I have documents in my index.
Once I have had that working, I moved to enabling HTTPS (with a self signed certificate), which has also worked just fine.
The last step was to secure Solr access by using the (new) Certificate Authentication Plugin
I have edited my security.json with the example from that page, namely:
"authentication": {
"class": "org.apache.solr.security.CertAuthPlugin"
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin",
"permissions": [
{
"name": "all",
"role": [
"admin-role"
]
}
],
"user-role": {
"CN=B---1,O=---CA,S=NY,C=US": [
"admin-role"
]
}
}
(some fields above have been redacted for privacy)
Uploaded it to ZooKeeper and restarted my Solr nodes.
Only to be granted with the next error in the Solr Admin UI:
After playing around a bit with the browser I also got this error, which didn't get my anywhere
Trying the perform a SELECT through Postman, unfortunately also returns the error:
Error 401 require certificateHTTP ERROR 401 require certificate
URI: /solr/documents/select STATUS: 401 MESSAGE: require certificate SERVLET: default
Despite the fact that I do see the certificate indeed being attached to the request.
Does anyone have any experience with this? Any insights on what I might be doing wrong? The documentation, unfortunately, doesn't shed much light on this topic, let alone, troubleshooting.
Thanks!
Turned out I had to set the next variable in solr.in.cmd:
set SOLR_SSL_WANT_CLIENT_AUTH=true
Once I did that it started to respond properly in Postman (not in the browser though when trying to access the Solr Admin UI)
It seem that it's required in order for it to "listen" or rather, accept the certificate.
As mentioned at: https://solr.apache.org/guide/solr/latest/deployment-guide/enabling-ssl.html#set-common-ssl-related-system-properties (in the Client Authentication Settings warning)
- Solr causes problem with and without hashtag in command line parameter
- How to Specify Managed Resource Path in Solr
- Sending JSON Data to Solr using cUrl
- Initializing SolrCores in ddev for TYPO3 v12 fails
- Solr in Docker container unable to work with persistent data store
- solr - basic authentication
- Solr: Searching with/without spaces in keywords
- Solr commit and optimize questions
- Spring Boot app: Not picking up application.properties?
- How to perform a search in a Multivalued Field in Solr?
- How multiple index files can be used with Solrnet(lucene)?
- How do I find out version of currently running Solr?
- I can't seem to find org.apache.lucene.facet.search.params.IFieldSet in Lucene 4.1.0 source even though the JAR from maven has it
- Solr Sort Hybris
- solr - Error after changing security.json to JWT - Searching for Solr? You must type the correct path. Solr will respond
- Migrating from Standalone Apache SOLR to SOLR Cloud
- What JavaServlet is used for the Solr Instace within Laradock?
- How can I increase the amount of available memory available Solr in a Docker container?
- Solr Query with LIKE Clause
- Caused by: org.apache.solr.common.SolrException: Index locked for write for core
- How to install JTS in Solr 4?
- How to change distance function in `langchain` similarity_search
- Solr exact word search
- What has changed that broke this Solr Query?
- Does SOLR support percolation
- how to solve org.apache.lucene.index.CorruptIndexException error in Apache Solr?
- Solr Range Query Does not work in Proper way for some fields
- How to condition TYPO3 Solr sortBy
- Trying Solr 9.3 with Spring Boot 3
- Solr 'Invalid Date String' Exception