You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2015/03/13 16:58:38 UTC
[jira] [Created] (KNOX-521) Enhance Principal Mapping to Handle
Dynamic Mappings
Larry McCay created KNOX-521:
--------------------------------
Summary: Enhance Principal Mapping to Handle Dynamic Mappings
Key: KNOX-521
URL: https://issues.apache.org/jira/browse/KNOX-521
Project: Apache Knox
Issue Type: Improvement
Components: Server
Reporter: Larry McCay
Fix For: 0.6.0
We will add the ability to use provider parameters in order to dynamically create a disambiguated username for use in the Hadoop cluster.
This will require unix accounts for the disambiguated name inside the cluster.
The mapping syntax will be something like the following to dynamically append a domain/tenant id to the username:
{code}
<provider>
<role>identity-assertion</role>
<name>Default</name>
<enabled>true</enabled>
<param>
<name>tenant.id</name>
<value>_domain1</value>
</param>
<param>
<name>principal.mapping</name>
<value>*=_PRINCIPAL+$tenant.id</value>
</param>
</provider>
{code}
The above demonstrates using a dynamic method of adding a tenant.id as a suffix for disambiguating users for this topology from users of another. Reversing the order of that idea would provide a prefix. This generic parameter name approach is very flexible.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)