SOLR-13116: Add Admin UI login support for Kerberos

(cherry picked from commit e515a91406)
2019-01-17 14:25:08 +01:00 · 2019-01-17 14:25:08 +01:00 · 2be452d473
parent 7bcad94325
commit 2be452d473
4 changed files with 33 additions and 5 deletions
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@ -193,6 +193,8 @@ New Features

 * SOLR-7896: Add a login page to Admin UI, with initial support for Basic Auth (janhoy)

+* SOLR-13116: Add Admin UI login support for Kerberos (janhoy, Jason Gerlowski) 
+
 * SOLR-11126: New Node-level health check handler at /admin/info/healthcheck and /node/health paths that
  checks if the node is live, connected to zookeeper and not shutdown. (Anshum Gupta, Amrit Sarkar, shalin)
  
--- a/solr/webapp/web/css/angular/login.css
+++ b/solr/webapp/web/css/angular/login.css
@ -41,6 +41,12 @@ limitations under the License.
  margin-bottom: 1rem;
 }

+#content #login a
+{
+  color: #0000bf;
+  cursor: pointer;
+}
+
 #content #login .login-error
 {
  font-size: 1rem;
--- a/solr/webapp/web/js/angular/controllers/login.js
+++ b/solr/webapp/web/js/angular/controllers/login.js
@ -27,9 +27,13 @@ solrAdminApp.controller('LoginController',
        var authScheme = sessionStorage.getItem("auth.scheme");
        if (wwwAuthHeader) {
          // Parse www-authenticate header
-          var wwwHeader = wwwAuthHeader.match(/(\w+)\s+(.*)/);
-          authScheme = wwwHeader[1];
-          var authParams = www_auth_parse_params(wwwHeader[2]);
+          var wwwHeader = wwwAuthHeader.match(/(\w+)(\s+)?(.*)/);
+          authScheme = "unknown";
+          var authParams = {};
+          if (wwwHeader && wwwHeader.length >= 1)
+            authScheme = wwwHeader[1]; 
+          if (wwwHeader && wwwHeader.length >= 3)
+            authParams = www_auth_parse_params(wwwHeader[3]);
          if (typeof authParams === 'string' || authParams instanceof String) {
            $scope.authParamsError = authParams;
          } else {
@ -43,7 +47,7 @@ solrAdminApp.controller('LoginController',
          sessionStorage.setItem("auth.scheme", authScheme);
        }

-        var supportedSchemes = ['Basic', 'Bearer'];
+        var supportedSchemes = ['Basic', 'Bearer', 'Negotiate'];
        $scope.authSchemeSupported = supportedSchemes.includes(authScheme);
        $scope.authScheme = sessionStorage.getItem("auth.scheme");
        $scope.authRealm = sessionStorage.getItem("auth.realm");
--- a/solr/webapp/web/partials/login.html
+++ b/solr/webapp/web/partials/login.html
@ -60,7 +60,23 @@ limitations under the License.

  </div>

-
+  <div ng-show="authScheme === 'Negotiate'">
+    <h1>Kerberos Authentication</h1>
+    <p>Your browser did not provide the required information to authenticate using Kerberos. 
+      Please check that your computer has a valid ticket for communicating with Solr, 
+      and that your browser is properly configured to provide that ticket when required. 
+      For more information, consult 
+      <a href="https://lucene.apache.org/solr/guide/kerberos-authentication-plugin.html">
+        Solr's Kerberos documentation
+      </a>.
+    </p>
+    The response from the server was:
+    <hr/>
+    <pre>HTTP 401 {{statusText}}
+WWW-Authenticate: {{wwwAuthHeader}}</pre>
+    <hr/>
+  </div>
+  
  <div ng-show="!authSchemeSupported">
    <h1>Authentication scheme not supported</h1>