Configure User Delegation for the Apache Solr Connector
This applies to: Visual Data Discovery
User delegation is supported by Symphony Apache Solr connectors.
Prerequisites
A Solr Cloud cluster, version 6.4 or later, with Kerberos authentication must be available.
Configuration Steps
User delegation configuration for Solr is performed in two steps:
- Enable Kerberos delegation tokens.
  To enable Kerberos delegation tokens, set the Solr configuration parameter solr.kerberos.delegation.token.enabled to true (see Using Delegation Tokens in the Kerberos Authentication Plugin documentation) in the solr.in.sh file on each Solr node.
- Configure proxy users and delegates.
  Configuration of proxy users and delegates is performed using these parameters in the solr.in.sh file on each Solr node:
  - solr.kerberos.impersonator.user.<USER>.users
  - solr.kerberos.impersonator.user.<USER>.groups
  - solr.kerberos.impersonator.user.<USER>.hosts
  Consider the following example:
    solr.kerberos.impersonator.user.proxy_user.groups=finance,marketing
    solr.kerberos.impersonator.user.proxy_user.hosts=*
  In this configuration, user proxy_user can impersonate users belonging to groups finance or marketing when connecting to a Solr instance from any host.
  All of these parameters should be stored in the solr.in.sh file on each Solr node.
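The following check is an added example, not part of the original documentation or of Solr itself. It reads the contents of solr.in.sh, reports a missing delegation token switch and any impersonation rule left at `*`, and lists nodes whose settings have drifted from the first node. The function names, the sample text, the `-D` form inside SOLR_AUTHENTICATION_OPTS, and the treatment of `*` in users and groups are assumptions.

```python
import re

# Accepts "-Dsolr.kerberos...=value" inside an OPTS string (assumed form) and
# the bare "solr.kerberos...=value" lines shown in the page's example.
_PROP = re.compile(r'(?:-D)?(solr\.kerberos\.[\w.\-]+)=([^\s"\']+)')
_IMP = re.compile(r'^solr\.kerberos\.impersonator\.user\.(.+)\.(users|groups|hosts)$')
_TOKEN = "solr.kerberos.delegation.token.enabled"

def parse_props(text):
    """Collect solr.kerberos.* properties, ignoring commented-out lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("#"):
            props.update(_PROP.findall(line))
    return props

def audit(text):
    """Return findings for the contents of one node's solr.in.sh."""
    props = parse_props(text)
    findings = []
    if props.get(_TOKEN, "").lower() != "true":
        findings.append(f"{_TOKEN} is not set to true")
    for key, value in sorted(props.items()):
        m = _IMP.match(key)
        # Assumption: "*" is a wildcard in users/groups as it is in hosts.
        if m and "*" in value.split(","):
            findings.append(f"{m.group(1)}: {m.group(2)}=* is unrestricted")
    return findings

def drift(nodes):
    """Given {node_name: solr.in.sh text}, list nodes that differ from the first."""
    names = sorted(nodes)
    base = parse_props(nodes[names[0]])
    return [n for n in names[1:] if parse_props(nodes[n]) != base]

# Constructed sample: the page's example plus the delegation token switch.
SAMPLE = """\
# -Dsolr.kerberos.impersonator.user.old_proxy.hosts=*
SOLR_AUTHENTICATION_OPTS="-Dsolr.kerberos.delegation.token.enabled=true"
solr.kerberos.impersonator.user.proxy_user.groups=finance,marketing
solr.kerberos.impersonator.user.proxy_user.hosts=*
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Replacing `hosts=*` with the address of the host that actually connects as the proxy user clears the finding for the sample.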