You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2017/10/16 14:38:37 UTC
Review Request 63030: RANGER-1839 - Add the ability to specify SSO
token audiences
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63030/
-----------------------------------------------------------
Review request for ranger.
Bugs: RANGER-1839
https://issues.apache.org/jira/browse/RANGER-1839
Repository: ranger
Description
-------
The KNOXSSO service can configure an audience parameter to restrict the audience of a given issued token. However, we can't enforce this check in Ranger. This task is to add a new configuration parameter "ranger.sso.audiences", which is a comma separated String of audiences, one of which must be contained (if specified) in the received token.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 7cfe0be8
security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java 7706d9bf
Diff: https://reviews.apache.org/r/63030/diff/1/
Testing
-------
Tested that audience validation works correctly with KNOXSSO.
Thanks,
Colm O hEigeartaigh
Re: Review Request 63030: RANGER-1839 - Add the ability to specify
SSO token audiences
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63030/#review188136
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On Oct. 16, 2017, 2:38 p.m., Colm O hEigeartaigh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63030/
> -----------------------------------------------------------
>
> (Updated Oct. 16, 2017, 2:38 p.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-1839
> https://issues.apache.org/jira/browse/RANGER-1839
>
>
> Repository: ranger
>
>
> Description
> -------
>
> The KNOXSSO service can configure an audience parameter to restrict the audience of a given issued token. However, we can't enforce this check in Ranger. This task is to add a new configuration parameter "ranger.sso.audiences", which is a comma separated String of audiences, one of which must be contained (if specified) in the received token.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 7cfe0be8
> security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java 7706d9bf
>
>
> Diff: https://reviews.apache.org/r/63030/diff/1/
>
>
> Testing
> -------
>
> Tested that audience validation works correctly with KNOXSSO.
>
>
> Thanks,
>
> Colm O hEigeartaigh
>
>
Re: Review Request 63030: RANGER-1839 - Add the ability to specify
SSO token audiences
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63030/#review188177
-----------------------------------------------------------
Ship it!
Ship It!
- Alejandro Fernandez
On Oct. 16, 2017, 2:38 p.m., Colm O hEigeartaigh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63030/
> -----------------------------------------------------------
>
> (Updated Oct. 16, 2017, 2:38 p.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-1839
> https://issues.apache.org/jira/browse/RANGER-1839
>
>
> Repository: ranger
>
>
> Description
> -------
>
> The KNOXSSO service can configure an audience parameter to restrict the audience of a given issued token. However, we can't enforce this check in Ranger. This task is to add a new configuration parameter "ranger.sso.audiences", which is a comma separated String of audiences, one of which must be contained (if specified) in the received token.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 7cfe0be8
> security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java 7706d9bf
>
>
> Diff: https://reviews.apache.org/r/63030/diff/1/
>
>
> Testing
> -------
>
> Tested that audience validation works correctly with KNOXSSO.
>
>
> Thanks,
>
> Colm O hEigeartaigh
>
>