Update documentation
git-svn-id: https://svn.apache.org/repos/asf/manifoldcf/integration/solr-4.x/trunk@1536587 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES.txt b/CHANGES.txt
index a0e39b9..1ef854c 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -3,6 +3,11 @@
======================= 0.5-dev =====================
+Add functionality making the plugin compatible with multi-domain
+features of ManifoldCF. Specifically, allow multiple domain/username
+tuples to be passed in the request.
+(Karl Wright)
+
======================= Release 0.4 =====================
CONNECTORS-534: Repackage plugins to have a true binary release,
diff --git a/mcf/README.txt b/mcf/README.txt
index 724a300..1c168de 100644
--- a/mcf/README.txt
+++ b/mcf/README.txt
@@ -13,6 +13,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+Compatibility
+------------
+
+This version of this component is only compatible with ManifoldCF 1.5 and above, and cannot be used with earlier releases of ManifoldCF.
Getting Started
---------------
@@ -73,3 +77,34 @@
...
</requestHandler>
+
+Supplying authenticated usernames and domains
+----------------------------------------------
+
+This component looks for the following parameters in the Solr request object:
+
+AuthenticatedUserName
+AuthenticatedUserDomain
+AuthenticatedUserName_XX
+AuthenticatedUserDomain_XX
+
+At a minimum, AuthenticatedUserName must be present in order for the component to communicate with
+the ManifoldCF Authority Service and obtain user access tokens. In that case, the user identity will consist
+of one user and one authorization domain. If AuthenticatedUserDomain is not set, then the authorization domain
+chosen will be the standard default domain, an empty string.
+
+If you need multiple user/domain tuples for the user identity, you may pass these as parameter pairs starting with
+AuthenticatedUserName_0 and AuthenticatedUserDomain_0, and counting up as high as you like.
+
+Operation in conjunction with mod-authz-annotate
+------------------------------------------------
+
+An optional component of ManifoldCF can be built and deployed as part of Apache - mod-authz-annotate. The
+mod-authz-annotate module obtains the Kerberos principal from the Kerberos tickets present if mod-auth-kerb is used, and uses
+the MCF Authority Service to look up the appropriate access tokens. If you choose to use that architecture,
+you will still need to use this Solr component to modify the user query. All you have to do is the following:
+
+- Make sure you do not set AuthenticatedUserName or AuthenticatedUserName_0 in the request
+- Make sure the HTTP request from Apache to Solr translates all AAAGRP header values into "UserToken" parameters
+ for the Solr request
+
