MCF Gang:

I've followed the instructions in the "ManifoldCF in Action" docs to
setup security integration between ManifoldCF and Solr.  I've added
the ManifoldCF SearchComponent to Solr, and I see that my indexed
documents are getting allow_token_share, allow_token_parent,
allow_token_share, etc. tokens added.

But when I query with the MCF plugin added and the
AuthenticatedUserName parameter added, I never get any results.

I tried just with with username "Fred" and I see this in the solr logs:

2017-10-29 00:18:51.527 INFO  (qtp834133664-16) [   ]
o.a.s.c.TransientSolrCoreCacheDefault Allocating transient cache for
2147483647\
 transient cores
2017-10-29 00:18:52.742 INFO  (qtp834133664-15) [   ]
o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores
params={indexInfo=fa\
lse&wt=json&_=1509236332203} status=0 QTime=6
2017-10-29 00:18:53.009 INFO  (qtp834133664-11) [   ]
o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/info/system
params={wt=jso\
n&_=1509236332206} status=0 QTime=201
2017-10-29 00:19:14.349 INFO  (qtp834133664-16) [   x:gettingstarted]
o.a.s.m.ManifoldCFSearchComponent Trying to match docs for user\
 '[:Fred]'
2017-10-29 00:19:14.476 INFO  (qtp834133664-16) [   x:gettingstarted]
o.a.s.m.ManifoldCFSearchComponent Saw authority response AUTHOR\
IZED:Null+authority+connection+for+testing
2017-10-29 00:19:14.529 INFO  (qtp834133664-16) [   x:gettingstarted]
o.a.s.c.S.Request [gettingstarted]  webapp=/solr path=/select p\
arams={q=*:*&AuthenticatedUserName=Fred&indent=on&wt=xml&_=1509236332558}
hits=0 status=0 QTime=228

I can tell Solr is talking to the MCF authority service, because
"Null+authority+connection+for+testing" is the description I used on
the Manifold side.

There are documents in the index that include fields like this:

<doc> <arr name="allow_token_document"> <str>Null:Fred</str> </arr>
<arr name="title"> <str/> </arr> <str
name="id">http://rss.cnn.com/~r/rss/cnn_world/~3/iTYAcfUavzM/orig-burger-king-bullying.cnn</str>
<arr name="deny_token_document"> <str>Null:DEAD_AUTHORITY</str> </arr>
<str name="stream_content_type">text/html; charset=utf-8</str> <str
name="keywords">world, Burger King stands up to bullying - CNN
Video</str> <str name="description">Burger King creates a PSA that
asks their customers to take a closer look at bullying. </str> <str
name="stream_name">docname</str> <str name="dc_title">Burger King
stands up to bullying - CNN Video</str> <arr name="content_type">
<str>text/html; charset=UTF-8</str> </arr> <long
name="stream_size">489145</long> <str
name="x_parsed_by">org.apache.tika.parser.DefaultParser
org.apache.tika.parser.html.HtmlParser</str> <str
name="stream_source_info">docname</str> <str
name="resourcename">docname</str> <str
name="fb_app_id">80401312489</str> <arr name="deny_token_parent">
<str>__no_security__</str> </arr> <arr name="allow_token_share">
<str>__no_security__</str> </arr> <arr name="deny_token_share">
<str>__no_security__</str> </arr> <arr name="allow_token_parent">
<str>__no_security__</str> </arr>
...
...
</doc>
But nonetheless, no results are returned.   I'm sure I'm missing
something obvious here, but whatever it is is defeating me at the
moment.

The only thing I see that looks a little dodgy is this  "Trying to
match docs for user '[:Fred]'"  given that the tokens look like
"Null:Fred".
Any ideas what the problem could be?
Thanks,
Phil
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB