You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kylin.apache.org by "Shao Feng Shi (Jira)" <ji...@apache.org> on 2019/11/27 00:44:00 UTC
[jira] [Commented] (KYLIN-4240) Use SSO without LDAP
[ https://issues.apache.org/jira/browse/KYLIN-4240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16983038#comment-16983038 ]
Shao Feng Shi commented on KYLIN-4240:
--------------------------------------
Hi Congling, right, SAML/SSO usually only for authentication, not authorization. LDAP is just one way to manage the authorization info. I agree with you that "SSO without LDAP" is a common scenario for some users. But I didn't get, with this change, how to manage the user-group information? Does that need be managed in the xml files manually? Thanks!
> Use SSO without LDAP
> --------------------
>
> Key: KYLIN-4240
> URL: https://issues.apache.org/jira/browse/KYLIN-4240
> Project: Kylin
> Issue Type: New Feature
> Components: Integration, Web
> Reporter: Congling Xia
> Assignee: Congling Xia
> Priority: Major
> Attachments: screenshot.png
>
>
> Recently, we are integrating Kylin with our SSO service based on CAS. In our case, SSO provide only authentication but no authorization. Because our LDAP service is not used for application specific information management, we plan to use the built-in user/group services to manage their authorities (as in testing profile).
> I am doing some work with CAS authentication to make it work along with form login in Kylin. I dont know whether it is a common case that user need to be authenticated by an SSO and will be managed for roles/groups in Kylin itself when LDAP is not available. I'd like to share it for someone in need.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)