You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2020/07/27 19:51:00 UTC

[jira] [Created] (KNOX-2411) Implement composite authentication provider

Sandor Molnar created KNOX-2411:
-----------------------------------

             Summary: Implement composite authentication provider
                 Key: KNOX-2411
                 URL: https://issues.apache.org/jira/browse/KNOX-2411
             Project: Apache Knox
          Issue Type: New Feature
          Components: Server
    Affects Versions: 1.5.0
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 1.5.0


End-users should have a way of having different authentication providers bound to the same topology. For the first time, this _composite_ authentication provider will default to the following behavior:
 * this is going to be a new servlet Filter (just like other providers) implementation
 * as with all providers in the Knox gateway, the composite authentication provider is configured through provider parameters
 * only {{JWT}} and {{HadoopAuth}} authentication providers are supported
 * in the {{doFilter}} method, there is going to be a check if the incoming request has a valid JWT token (as a {{bearer}} token) extracted from the {{Authorization}} header. If this is true, the request is then processed on behalf of the user represented by the JWT token (using the existing JWT federation provider). If there is no _valid_ JWT token, the new filter will try to achieve authentication using the existing {{HadoopAuth}} authentication filter.

Later on, this composite authentication provider can be extended with different use-cases.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)