I ran the following command to enable basic auth for my Solr installation:
It created the security policy with blockUnknown=false. That's an issue with arg parsing in BASH (easy to fix) ... the bigger issue is the Admin UI relies on getting a 401 from the backend to show login / logout but with blockUnknown=false, this never shows.
The auth utility only creates role bindings for the following predefined permissions:
The problem is when blockUnknown=false, the UI doesn't hit any endpoints that trigger a 401 to cause the Admin UI to prompt for a login. I think the initial security.json created by the auth tool should also include:
The config-edit is needed for the new Schema Designer UI and we shouldn't allow un-authenticated users to edit configs anyway.
With these two new permissions in place, when an un-authenticated user navigates to the new Security screen, they will be redirected to login.