SOLR-13116: Add Admin UI login support for Kerberos

(cherry picked from commit e515a91406)

solr/CHANGES.txt

@@ -193,6 +193,8 @@ New Features
 
 * SOLR-7896: Add a login page to Admin UI, with initial support for Basic Auth (janhoy)
 
+* SOLR-13116: Add Admin UI login support for Kerberos (janhoy, Jason Gerlowski) 
+
 * SOLR-11126: New Node-level health check handler at /admin/info/healthcheck and /node/health paths that
   checks if the node is live, connected to zookeeper and not shutdown. (Anshum Gupta, Amrit Sarkar, shalin)
   

solr/webapp/web/css/angular/login.css

@@ -41,6 +41,12 @@ limitations under the License.
   margin-bottom: 1rem;
 }
 
+#content #login a
+{
+  color: #0000bf;
+  cursor: pointer;
+}
+
 #content #login .login-error
 {
   font-size: 1rem;

solr/webapp/web/js/angular/controllers/login.js

@@ -27,9 +27,13 @@ solrAdminApp.controller('LoginController',
         var authScheme = sessionStorage.getItem("auth.scheme");
         if (wwwAuthHeader) {
           // Parse www-authenticate header
-          var wwwHeader = wwwAuthHeader.match(/(\w+)\s+(.*)/);
+          var wwwHeader = wwwAuthHeader.match(/(\w+)(\s+)?(.*)/);
+          authScheme = "unknown";
+          var authParams = {};
+          if (wwwHeader && wwwHeader.length >= 1)
             authScheme = wwwHeader[1]; 
-          var authParams = www_auth_parse_params(wwwHeader[2]);
+          if (wwwHeader && wwwHeader.length >= 3)
+            authParams = www_auth_parse_params(wwwHeader[3]);
           if (typeof authParams === 'string' || authParams instanceof String) {
             $scope.authParamsError = authParams;
           } else {
@@ -43,7 +47,7 @@ solrAdminApp.controller('LoginController',
           sessionStorage.setItem("auth.scheme", authScheme);
         }
 
-        var supportedSchemes = ['Basic', 'Bearer'];
+        var supportedSchemes = ['Basic', 'Bearer', 'Negotiate'];
         $scope.authSchemeSupported = supportedSchemes.includes(authScheme);
         $scope.authScheme = sessionStorage.getItem("auth.scheme");
         $scope.authRealm = sessionStorage.getItem("auth.realm");

solr/webapp/web/partials/login.html

@@ -60,6 +60,22 @@ limitations under the License.
 
   </div>
 
+  <div ng-show="authScheme === 'Negotiate'">
+    <h1>Kerberos Authentication</h1>
+    <p>Your browser did not provide the required information to authenticate using Kerberos. 
+      Please check that your computer has a valid ticket for communicating with Solr, 
+      and that your browser is properly configured to provide that ticket when required. 
+      For more information, consult 
+      <a href="https://lucene.apache.org/solr/guide/kerberos-authentication-plugin.html">
+        Solr's Kerberos documentation
+      </a>.
+    </p>
+    The response from the server was:
+    <hr/>
+    <pre>HTTP 401 {{statusText}}
+WWW-Authenticate: {{wwwAuthHeader}}</pre>
+    <hr/>
+  </div>
   
   <div ng-show="!authSchemeSupported">
     <h1>Authentication scheme not supported</h1>