Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2014/09/26 01:12:33 UTC

[jira] [Updated] (KNOX-191) Support Knox as "trusted proxy" allowing propagation of authenticated identity for client

     [ https://issues.apache.org/jira/browse/KNOX-191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay updated KNOX-191:
-----------------------------
    Fix Version/s:     (was: 0.5.0)
                   0.6.0

> Support Knox as "trusted proxy" allowing propagation of authenticated identity for client
> -----------------------------------------------------------------------------------------
>
>                 Key: KNOX-191
>                 URL: https://issues.apache.org/jira/browse/KNOX-191
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 0.1.0
>            Reporter: Kevin Minder
>             Fix For: 0.6.0
>
>
> The use case here is to extend the authentication trust even beyond Knox.  This way Knox could be made to trust authentication performed via some "client" web application.  The web application would authenticate to Knox as itself (i.e., service account) and Knox would trust the actual user identity asserted by the client app.  Care must be taken to ensure that this plays well with the existing Hadoop user.name and doas mechanisms.  Currently we force user.name and doas parameters to be that of the authenticated user.  For these "trusted proxy" clients that would need to be relaxed.


