You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "KWON BYUNGCHANG (Jira)" <ji...@apache.org> on 2022/05/16 08:52:00 UTC
[jira] [Updated] (YARN-11155) ATS v1.5 doesn't work with JWTRedirectAuthenticationHandler
[ https://issues.apache.org/jira/browse/YARN-11155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
KWON BYUNGCHANG updated YARN-11155:
-----------------------------------
Attachment: YARN-11155.001.patch
> ATS v1.5 doesn't work with JWTRedirectAuthenticationHandler
> -----------------------------------------------------------
>
> Key: YARN-11155
> URL: https://issues.apache.org/jira/browse/YARN-11155
> Project: Hadoop YARN
> Issue Type: Bug
> Components: timelineserver
> Affects Versions: 3.1.2, 3.3.2
> Reporter: KWON BYUNGCHANG
> Priority: Major
> Attachments: YARN-11155.001.patch
>
>
> When ATS is configured with JWTRedirectAuthenticationHandler for KnoxSSO, In ATS, Delegation Token operation does not work.
> In this situation, All hadoop web daemon use JWTRedirectAuthenticationHandler for KnoxSSO. But ATS should be use kerberos auth handler. Tez job users should login to kerberos for spnego auth for tez-ui access in own local pc. It is very inconvenient.
>
> Expected result (use JWTRedirectAuthenticationHandler)
> {code:java}
> curl -s -u: --negotiate "https://ats.host.com:8190/ws/v1/timeline/?op=GETDELEGATIONTOKEN&&renewer=rm%2Frm1.host.com%40EXAMPLE.ORG"
> {
> "Token": {
> "urlString": "KAbnVtLWFkbWm8EsIAZVElNfREVMRUTl9UT0tFTgA"
> }
> }
> {code}
>
> Wrong result (use JWTRedirectAuthenticationHandler)
> {code:java}
> curl -s -u: --negotiate "https://ats.host.com:8190/ws/v1/timeline/?op=GETDELEGATIONTOKEN&&renewer=rm%2Frm1.host.com%40EXAMPLE.ORG"
> {
> "About": "Timeline API",
> "hadoop-build-version": "3.1.2 from 7c62584effd9a5aa4b90d22dbf8d8eb2bca03feb by irteam source checksum 444e3aaa7feb4f8f73c3c3a71dbdd38",
> "hadoop-version": "3.1.2",
> "hadoop-version-built-on": "2022-04-08T03:45Z",
> "timeline-service-build-version": "3.1.2-49 from 7c62584effd9a5aa4b90d22dbf8d8eb2bca03feb by users source checksum 7594ee7186b86eeccfc787d139ee8b",
> "timeline-service-version": "3.1.2",
> "timeline-service-version-built-on": "2022-04-08T03:49Z"
> }
> {code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org