You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2017/12/22 12:33:00 UTC

[jira] [Resolved] (KNOX-28) Support federation/SSO using external tokens

     [ https://issues.apache.org/jira/browse/KNOX-28?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay resolved KNOX-28.
-----------------------------
    Resolution: Fixed

Resolving this as fixed in 0.8.0 with the addition of Pac4J provider.

> Support federation/SSO using external tokens
> --------------------------------------------
>
>                 Key: KNOX-28
>                 URL: https://issues.apache.org/jira/browse/KNOX-28
>             Project: Apache Knox
>          Issue Type: New Feature
>    Affects Versions: 0.2.0
>            Reporter: Kevin Minder
>              Labels: security
>             Fix For: 0.8.0
>
>
> During our discussions with a customer they expressed requirements that the gateway and ultimately Hadoop proper accept externally generated authentication tokens. There are really two possible models here.
> 1. The gateway accepts external tokens (e.g. SAML, JWT, SWT), extracts the principal and passes that downstream via either pseudo auth mechanism or creation of hadoop.auth tokens.
> 2. The gateway is transparent and passes these external tokens through to the downstream services where they will perform the required verification. This model provides better security but will require changes to all downstream Hadoop services.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)