You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/04/02 16:34:25 UTC

[jira] [Updated] (KNOX-698) Deterministic default provider selection model

     [ https://issues.apache.org/jira/browse/KNOX-698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay updated KNOX-698:
-----------------------------
    Fix Version/s:     (was: 0.9.0)
                   Future

> Deterministic default provider selection model
> ----------------------------------------------
>
>                 Key: KNOX-698
>                 URL: https://issues.apache.org/jira/browse/KNOX-698
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.9.0
>            Reporter: Kevin Minder
>             Fix For: Future
>
>
> Currently the algorithem by which Knox selects a provider when one one is not explicitly identified either by the deployment contributor or a topology is essentially random.
> 1.  This frequently leads to confusions when runtime failures occur because an unexpected identity-assertion provider is selected.  You can see the results of this in that we have been forced to explicitly identify the "Default" identity-assertion provider in all of our "out of the box" topology files.
> 2.  While implementing KNOX-670 this also became inconvenient.  In the simplest of cases, "stock" applications may be used and no "policies" may be required.  That is no <gateway> section would be required in the topology file and no special meta-data would need to be added to the application.  Currently you have to explicitly specify the "Default" identity-assertion and the "Anonymous" authentication providers otherwise unexpected results occur.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)