You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2015/03/14 17:22:38 UTC
[jira] [Created] (HADOOP-11717) Add Redirecting WebSSO behavior
with JWT Token in Hadoop Auth
Larry McCay created HADOOP-11717:
------------------------------------
Summary: Add Redirecting WebSSO behavior with JWT Token in Hadoop Auth
Key: HADOOP-11717
URL: https://issues.apache.org/jira/browse/HADOOP-11717
Project: Hadoop Common
Issue Type: Improvement
Components: security
Reporter: Larry McCay
Assignee: Larry McCay
Extend AltKerberosAuthenticationHandler to provide WebSSO flow for UIs.
The actual authentication is done by some external service that the handler will redirect to when there is no hadoop.auth cookie and no JWT token found in the incoming request.
Using JWT provides a number of benefits:
* It is not tied to any specific authentication mechanism - so buys us many SSO integrations
* It is cryptographically verifiable for determining whether it can be trusted
* Checking for expiration allows for a limited lifetime and window for compromised use
This will introduce the use of nimbus-jose-jwt library for processing, validating and parsing JWT tokens.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)