Add logout functionality to brokered Solr instances #3274

Closed
1 task
FuhuXia opened this issue Jun 3, 2021 · 3 comments · Fixed by GSA-TTS/datagov-brokerpak-solr#23
Labels: bug, compliance, component/solr-service, Feature, POAM

Comments

FuhuXia (Member) commented Jun 3, 2021

Please keep any sensitive details in Google Drive.

Date of report: 2021-05-26
Severity: Moderate
Due date: 2021-08-26

Due date is based on severity and described in RA-5: 15 days for Critical, 30 days for High, and 90 days for Moderate and lower.

  • Analysis has been performed and an issue has been linked to address other occurrences for this class of vulnerability* (link)

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

FuhuXia added the compliance and bug labels Jun 3, 2021
FuhuXia added this to the July 2021 milestone Jun 7, 2021
mogul added the component/solr-service label Jun 17, 2021
mogul added the POAM label Jul 20, 2021
mogul (Contributor) commented Jul 26, 2021

Looks like the best way to handle this is to just enable the solr-operator's support for managing authentication.

nickumia-reisys (Contributor) commented

We shifted from Basic Authentication in NGINX to Basic Authentication in Solr because the Solr UI natively supports login/logout. I think for this issue, keeping Authentication in Solr is the best option.

nickumia-reisys (Contributor) commented

Key Updates for Review:

  • Switched from NGINX BasicAuth to Solr native BasicAuth
  • As of 8.6, Solr native BasicAuth implements custom login/logout UI through an AngularJS library.
  • Prior to 8.6, Solr native BasicAuth is implemented through browser-enabled HTTPBasicAuth (in the same way as NGINX).
  • Tests were written to verify that the brokerpak created/destroyed/sandboxed credentials appropriately.
  • The login/logout UI test is not automated, but it does pass manual testing.
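
Added example, not part of the thread and not the brokerpak's own code: a sketch of the Solr-side `security.json` that native BasicAuth relies on once authentication moves out of NGINX, with the credential stored in Solr's salted double-SHA-256 format. The function names, the single-user layout and the role policy are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets


def solr_credential(password, salt=None):
    """Return 'base64(sha256(sha256(salt + password))) base64(salt)',
    the value Solr's BasicAuthPlugin keeps under "credentials"."""
    if salt is None:
        salt = secrets.token_bytes(32)
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    digest = hashlib.sha256(inner).digest()
    return base64.b64encode(digest).decode() + " " + base64.b64encode(salt).decode()


def verify(password, stored):
    """Recompute the hash with the stored salt; compare in constant time."""
    _, salt_b64 = stored.split(" ")
    candidate = solr_credential(password, base64.b64decode(salt_b64))
    return hmac.compare_digest(candidate, stored)


def build_security_json(username, password):
    """Build a security.json document for one provisioned user (assumed layout)."""
    return {
        "authentication": {
            "class": "solr.BasicAuthPlugin",
            # Reject unauthenticated requests, so the Admin UI has to
            # authenticate the user instead of serving anonymous pages.
            "blockUnknown": True,
            "credentials": {username: solr_credential(password)},
        },
        "authorization": {
            "class": "solr.RuleBasedAuthorizationPlugin",
            # Assumed policy: the provisioned user holds the only role.
            "permissions": [{"name": "all", "role": "admin"}],
            "user-role": {username: "admin"},
        },
    }


if __name__ == "__main__":
    # Constructed sample: a random password for a hypothetical instance user.
    doc = build_security_json("instance-admin", secrets.token_urlsafe(24))
    print(json.dumps(doc, indent=2))
```

Only the salted hash lands in `security.json`; the plaintext password still travels in the `Authorization` header on every request, so the instance needs TLS in front of it.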
