You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Kevin Risden (JIRA)" <ji...@apache.org> on 2018/11/12 18:57:00 UTC

[jira] [Comment Edited] (KNOX-1550) TLS/SSL clientAuth provider

    [ https://issues.apache.org/jira/browse/KNOX-1550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16684241#comment-16684241 ] 

Kevin Risden edited comment on KNOX-1550 at 11/12/18 6:56 PM:
--------------------------------------------------------------

Was able to test this by doing the following:
 * topology.xml authentication provider section
 ** 
{code:java}
<provider>
    <role>authentication</role>
    <name>ClientAuth</name>
    <enabled>true</enabled>
</provider>{code}

 * gateway-site.xml added:
 ** 
{code:java}
<property>
    <name>gateway.client.auth.wanted</name>
    <value>true</value>
</property>{code}

 * curl -Lki --key client_key.pem --cert client_public.pem ’[https://localhost:8443/gateway/test/webhdfs/v1/']
 * Ended up with the following in gateway-audit.log
 ** 
{noformat}
18/11/12 13:49:50 ||c82a22ab-4c2a-4c3b-b9ba-b92dbf0a85ae|audit|0:0:0:0:0:0:0:1|WEBHDFS|CN=admin, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown|||access|uri|/gateway/test/webhdfs/v1/|failure|{noformat}

 * 
 ** The failure is from not having webhdfs behind it. The audit works correctly though


was (Author: risdenk):
Was able to test this by doing the following:
 * gateway-site.xml added:
 ** 
{code:java}
<property>
    <name>gateway.client.auth.wanted</name>
    <value>true</value>
</property>{code}

 * curl -Lki --key client_key.pem --cert client_public.pem ’[https://localhost:8443/gateway/test/webhdfs/v1/']
 * Ended up with the following in gateway-audit.log
 ** 
{noformat}
18/11/12 13:49:50 ||c82a22ab-4c2a-4c3b-b9ba-b92dbf0a85ae|audit|0:0:0:0:0:0:0:1|WEBHDFS|CN=admin, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown|||access|uri|/gateway/test/webhdfs/v1/|failure|{noformat}

 ** The failure is from not having webhdfs behind it. The audit works correctly though

> TLS/SSL clientAuth provider
> ---------------------------
>
>                 Key: KNOX-1550
>                 URL: https://issues.apache.org/jira/browse/KNOX-1550
>             Project: Apache Knox
>          Issue Type: New Feature
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>             Fix For: 1.3.0
>
>         Attachments: KNOX-1550.patch, KNOX-1550.patch, KNOX-1550.patch
>
>
> The ability to identify a user based on the CN of a clientAuth certificate could be useful.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)