You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "KWON BYUNGCHANG (Jira)" <ji...@apache.org> on 2022/05/16 08:52:00 UTC

[jira] [Updated] (YARN-11155) ATS v1.5 doesn't work with JWTRedirectAuthenticationHandler

     [ https://issues.apache.org/jira/browse/YARN-11155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

KWON BYUNGCHANG updated YARN-11155:
-----------------------------------
    Attachment: YARN-11155.001.patch

> ATS v1.5 doesn't work with JWTRedirectAuthenticationHandler
> -----------------------------------------------------------
>
>                 Key: YARN-11155
>                 URL: https://issues.apache.org/jira/browse/YARN-11155
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: timelineserver
>    Affects Versions: 3.1.2, 3.3.2
>            Reporter: KWON BYUNGCHANG
>            Priority: Major
>         Attachments: YARN-11155.001.patch
>
>
> When ATS is configured with JWTRedirectAuthenticationHandler for KnoxSSO, In ATS,  Delegation Token operation does not work.
> In this situation, All hadoop web daemon use JWTRedirectAuthenticationHandler for KnoxSSO. But ATS should be use kerberos auth handler. Tez job users should login to kerberos for spnego auth for tez-ui access in own local pc. It is very inconvenient. 
>  
> Expected result (use JWTRedirectAuthenticationHandler)
> {code:java}
> curl -s -u: --negotiate "https://ats.host.com:8190/ws/v1/timeline/?op=GETDELEGATIONTOKEN&&renewer=rm%2Frm1.host.com%40EXAMPLE.ORG"
> {
>     "Token": {
>         "urlString": "KAbnVtLWFkbWm8EsIAZVElNfREVMRUTl9UT0tFTgA"
>     }
> }
>  {code}
>  
> Wrong result (use JWTRedirectAuthenticationHandler)
> {code:java}
> curl -s -u: --negotiate "https://ats.host.com:8190/ws/v1/timeline/?op=GETDELEGATIONTOKEN&&renewer=rm%2Frm1.host.com%40EXAMPLE.ORG"
> {
>     "About": "Timeline API",
>     "hadoop-build-version": "3.1.2 from 7c62584effd9a5aa4b90d22dbf8d8eb2bca03feb by irteam source checksum 444e3aaa7feb4f8f73c3c3a71dbdd38",
>     "hadoop-version": "3.1.2",
>     "hadoop-version-built-on": "2022-04-08T03:45Z",
>     "timeline-service-build-version": "3.1.2-49 from 7c62584effd9a5aa4b90d22dbf8d8eb2bca03feb by users source checksum 7594ee7186b86eeccfc787d139ee8b",
>     "timeline-service-version": "3.1.2",
>     "timeline-service-version-built-on": "2022-04-08T03:49Z"
> }
>  {code}
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org