Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2020/04/10 22:15:25 UTC

[GitHub] [druid] himanshug commented on a change in pull request #9637: druid-pac4j: add ability to use custom ssl trust store while talking to auth server

URL: https://github.com/apache/druid/pull/9637#discussion_r406965465
 
 

 ##########
 File path: docs/development/extensions-core/druid-pac4j.md
 ##########
 @@ -38,8 +38,9 @@ druid.auth.authenticator.pac4j.type=pac4j
 ### Properties
 |Property|Description|Default|required|
 |--------|---------------|-----------|-------|--------|
+|`druid.auth.pac4j.cookiePassphrase`|passphrase for encrypting the cookies used to manage authentication session with browser. It can be provided as plaintext string or The [Password Provider](../../operations/password-provider.md).|none|Yes|
+|`druid.auth.pac4j.readTimeout`|Socket connect and read timeout duration used when communicating with authentication server|PT5S|No|
+|`druid.auth.pac4j.enableCustomSslContext`|Whether to use custom SSLContext setup via [simple-client-sslcontext](simple-client-sslcontext.md) extension which must be added to extensions list when this property is set to true.|false|No|
 
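Review bot: The `druid.auth.pac4j.enableCustomSslContext` row says the simple-client-sslcontext extension "must be added" when the property is true, but it does not say what happens if the extension is missing from the list, nor which SSLContext is used when the property is left at `false`. Please state both, since that determines which CAs are trusted when talking to the authentication server. In the `cookiePassphrase` row, "or The [Password Provider]" should read "or via the [Password Provider]". The `readTimeout` description covers connect as well as read, which the property name does not suggest, so it is worth calling that out explicitly. The separator row under the table header has five columns while the header has four.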
 Review comment:
   Thanks for looking, valid question.
   I chose to go this route instead of adding separate config for a brand new ssl context to reduce the amount of configuration the user has. That said, I see that `ldap` doesn't use druid's common ssl context but builds one separately. I haven't personally seen the use cases for this separation yet but I am not a security expert and could be wrong.
   If we come across such a use case, then I think we should add support for another SSLContext inside druid core code ... one for talking to external auth services (oauth server, ldap server etc) so that we don't repeat this thing for all auth extensions that happen to talk to external services.
   
   
