  1. Solr
  2. SOLR-17247

'WWW-Authenticate' headers missing in MultiAuthPlugin


Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 9.7
    • Authentication
    • None

    Description

      MultiAuthPlugin does not return 'WWW-Authenticate' headers

      When returning a 401 response, a Web application needs to indicate to the client what authentication challenges it supports; otherwise an exception like "HTTP protocol violation: Authentication challenge without WWW-Authenticate header" is raised.

      Solr's MultiAuthPlugin does not support this. Solr should return the list of supported schemes (challenges).

      According to HTTP RFC 7235:

      The 401 (Unauthorized) status code indicates that the request has not
      been applied because it lacks valid authentication credentials for
      the target resource. The server generating a 401 response MUST send
      a WWW-Authenticate header field (Section 4.1) containing at least one
      challenge applicable to the target resource.
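
      A client-side or test-suite check for the RFC 7235 requirement quoted above, as an added example that is not Solr's code or part of the original issue. It parses every WWW-Authenticate field of a response and reports the challenge schemes offered; the sample responses, the Basic and Bearer schemes in them, and all function names are constructed for illustration.

```python
import re

# RFC 7235: challenge = auth-scheme [ 1*SP ( token68 / #auth-param ) ]
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
PARAM = re.compile(rf"^({TOKEN})\s*=\s*(?!=)(.+)$", re.S)
CHALLENGE = re.compile(rf"^({TOKEN})(?:\s+(.+))?$", re.S)
# One list element: a run of non-comma text and complete quoted-strings,
# so a comma inside realm="a, b" does not split the challenge.
ELEMENT = re.compile(r'(?:[^,"]|"(?:[^"\\]|\\.)*")+')

# Constructed sample responses (status, header list); not captured from Solr.
BAD = (401, [("Content-Type", "application/json")])
GOOD = (401, [("WWW-Authenticate",
               'Basic realm="Solr, secured", charset="UTF-8", Bearer realm="solr"')])

def unquote(v):
    # Strip a quoted-string's quotes and undo backslash escapes.
    if len(v) >= 2 and v[0] == v[-1] == '"':
        return re.sub(r"\\(.)", r"\1", v[1:-1])
    return v

def parse_challenges(header_values):
    # Returns [(scheme, params)] across all WWW-Authenticate field values.
    challenges = []
    for value in header_values:
        for part in filter(None, (e.strip() for e in ELEMENT.findall(value))):
            m = PARAM.match(part)
            if m and challenges:  # auth-param continuing the current challenge
                challenges[-1][1][m.group(1).lower()] = unquote(m.group(2))
                continue
            m = CHALLENGE.match(part)
            if not m:
                raise ValueError(f"malformed challenge: {part!r}")
            rest = m.group(2) or ""
            p = PARAM.match(rest)
            params = {p.group(1).lower(): unquote(p.group(2))} if p else {}
            if rest and not p:
                params["token68"] = rest  # e.g. "Negotiate <base64>"
            challenges.append((m.group(1), params))
    return challenges

def check_401(status, headers):
    # headers: list of (name, value). ok is False only for a 401 with no challenge.
    values = [v for n, v in headers if n.lower() == "www-authenticate"]
    schemes = [s for s, _ in parse_challenges(values)]
    return (status != 401 or bool(schemes)), schemes
```

      Run against a deployment's 401 responses, `check_401` flags the condition this issue describes (a 401 with no challenge) and lists the schemes a client can choose from when challenges are present.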

            People

              epugh Eric Pugh
              Idjeraoui Lamine

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 1h 20m