Shared Secret Communication Mode for Repository and SOLR

Showing results for 
Search instead for 
Did you mean: 

Shared Secret Communication Mode for Repository and SOLR

Alfresco Employee
1 13 10.2K

ACS 7.1 includes a new mode for Alfresco/SOLR Communication named secret.

This is an additional mode to the existent ones (http and mtls) that provides an intermmediate level of security to protect this communications from unauthorized access.

Communication between Repository and SOLR happens using plain HTTP protocol with a Shared Secret in HTTP Header.

Configuration for Alfresco Repository

Recommended settings for or Java Environment variables.

You may use a more complex secret word than "secret" for your "solr.sharedSecret" property.

Configuration for Search Services

Recommended settings for (remember to add these settings to both cores: alfresco and archive)

You must use the same secret word configured in repository property ("solr.sharedSecret") as "alfresco.secureComms.secret" value.

This mode doesn't include authentication by default, but it will require to add the shared secret word ("secret" in the abova sample) in HTTP Header requests using by default X-Alfresco-Search-Secret property.

Accessing SOLR Web Console requires using a Browser plugin to add this header to the HTTP Request.

Additional information

More information about Alfresco/SOLR Communication modes is available in:

Deployment source code for the different modes is available in

About the Author
Angel Borroy is Hyland Developer Evangelist. Over the last 15 years, he has been working as a software architect on Java, BPM, document management and electronic signatures. He has been working with Alfresco during the last years to customize several implementations in large organizations and to provide add-ons to the Community based on Record Management and Electronic Signature. He writes (sometimes) on his personal blog He is (proud) member of the Order of the Bee.
Senior Member

Hello @angelborroy and thank you for the new feature.

I've been testing it out with Alfresco Community 7.1 and I can tell it works pretty well when "alfresco.secureComms.secret" is passed via a console argument ( -Dalfresco.secureComms.secret=xxx) but is not detected when specified in the solrcore.proprties (alfresco.secureComms.secret=xxx)

Caused by: java.lang.RuntimeException: Missing value for alfresco.secureComms.secret configuration property

Do you have any idea if I am doing sth wrong or is it a bug?

Alfresco Employee

Are you including the property in both files for alfresco and archive cores?

Senior Member

@angelborroy  I include it both in the rerank and noRerank templates. Before alfresco and archive cores are created.

Alfresco Employee

You're right @upforsin 

I was able to reproduce it locally and getting the same error.

I've opened an issue to fix that.


Active Member

Hello Community,

I'm a beginner working on deploying alfresco 7.2 using Docker Compose.

I'm a bit stuck at starting the Solr service in the browser with the url  http://localhost:8083/solr. Research says to use a plugin for secret communication mode (witch is default on Alfresco 7.2).

I would like to know if it has a specific plugin that needs to be added; if not, which one do you recommend on Ubuntu using firefox browser. Or is there any other way to solve this probem?

This is what the http://localhost:8083/solr page displays:


Problem accessing /solr/. Reason:

Authentication failure: "secret" method has been selected, use the right request header with the secret word



Alfresco Employee
Active Member

Thank you for the suggestion!

I hadn't used this plugin defore, now I added it. But I haven't found a solution.

Here is what gives the interface of this plugin:

Capture d’écran du 2022-05-13 17-39-01.png

I remember that I had tried Authentificator, Http Evrywhere plugin but no solution as it should been in the 10th minute of your video : 


Active Member

Please, could anyone find a solution for my problem?

Alfresco Employee
Active Member

BIg thank you sir @angelborroy.

Solr starts normally now as expected whith that plugin.

Member II

Hello, thanks for the good explanation, I'm having some troubles to use this secret communication mode using the pysolr client, is there any recommendation you can provide?


Hi Angel:

A quick question. Is this valid for ACS 6.2 ? If not, may you use  ACS 6.2 and ASS 2.0.3 with solr.secureComms=none ? 

Regards and thanks in advance.


Member II

I was experiencing the same issue, solved it by adding this extension on my browser

I also added the header


The secret can be found on the docker-compose.yml file


This is how I added the header