Additional option for Search Services to authenticate with a shared secret

Description

The tracking REST APIs in content repository now have an option to use a shared secret to authenticate.
This a a simple method to protect the API and not expose the APIs unprotected ().

Acceptance criteria:

  • Implement a new authentication method in SS and IE

  • Shared secret should be able to be set as an environment variable or similar without a property file.

  • Add integration tests

  • Update documentation

Note, the implementation on the repository side: https://github.com/Alfresco/alfresco-community-repo/pull/334
It is supported from ACS 7.0

Activity

Show:
Angel Borroy
2 days ago

Using parameter -Dsolr.sharedSecret=secret for ACS 7.0.0 provokes an Exception during initialisation that prevents the Repository to be started.

Angel Borroy
4 days ago
Edited

Currently repository is accepting requests from SOLR using “secret” authentication, but it’s not sending requests to SOLR using this new authentication.

It’s also required to develop this part in Repo side along with the SOLR support for “secret” authentication.

Ticket has been resized to 20 points.

Assignee

Angel Borroy

Reporter

Alex Mukha

Labels

None

Release Train

None

Delivery Team

None

Story Points

20

Epic Link

Priority

Unprioritized