You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2015/03/13 16:58:38 UTC

[jira] [Created] (KNOX-521) Enhance Principal Mapping to Handle Dynamic Mappings

Larry McCay created KNOX-521:
--------------------------------

             Summary: Enhance Principal Mapping to Handle Dynamic Mappings
                 Key: KNOX-521
                 URL: https://issues.apache.org/jira/browse/KNOX-521
             Project: Apache Knox
          Issue Type: Improvement
          Components: Server
            Reporter: Larry McCay
             Fix For: 0.6.0


We will add the ability to use provider parameters in order to dynamically create a disambiguated username for use in the Hadoop cluster.
This will require unix accounts for the disambiguated name inside the cluster.
The mapping syntax will be something like the following to dynamically append a domain/tenant id to the username:

{code}
<provider>
    <role>identity-assertion</role>
    <name>Default</name>
    <enabled>true</enabled>
    <param>
        <name>tenant.id</name>
        <value>_domain1</value>
    </param>
    <param>
        <name>principal.mapping</name>
        <value>*=_PRINCIPAL+$tenant.id</value>
    </param>
</provider>
{code}

The above demonstrates using a dynamic method of adding a tenant.id as a suffix for disambiguating users for this topology from users of another. Reversing the order of that idea would provide a prefix. This generic parameter name approach is very flexible.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)