You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2013/10/25 21:56:31 UTC

[jira] [Created] (KNOX-191) Support Knox as "trusted proxy" allowing propagation of authenticated identity for client

Kevin Minder created KNOX-191:
---------------------------------

             Summary: Support Knox as "trusted proxy" allowing propagation of authenticated identity for client
                 Key: KNOX-191
                 URL: https://issues.apache.org/jira/browse/KNOX-191
             Project: Apache Knox
          Issue Type: New Feature
          Components: Server
    Affects Versions: 0.1.0
            Reporter: Kevin Minder
             Fix For: 0.4.0


The use case here is to extend the authentication trust even beyond Knox.  This way Knox could be made to trust authentication performed via some "client" web application.  The web application would authenticate to Knox as itself (ie service account) and Knox would trust the actual user identity asserted by the client app.  Care must be taken to ensure that this play's well with the existing hadoop user.name and doas mechanisms.  Currently we force user.name and doas parameters to be that of the authenticated user.  For these "trusted proxy" clients that would need to be relaxed.



--
This message was sent by Atlassian JIRA
(v6.1#6144)