[jira] [Commented] (ATLAS-3153) Support OpenID Connect directly rather than through Knox

Fri, 05 Jul 2019 15:24:52 -0700 


    [ 
https://issues.apache.org/jira/browse/ATLAS-3153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16879541#comment-16879541
 ] 

ASF subversion and git services commented on ATLAS-3153:
--------------------------------------------------------

Commit fd2544978658fbb8c1ee1164b286727af28770e5 in atlas's branch 
refs/heads/branch-2.0 from Bolke de Bruin
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=fd25449 ]

ATLAS-3153 :- Add Keycloak authentication method to Atlas.

Keycloak is an open source Identity and Access Management solution aimed at 
modern applications and services. It makes it easy to secure applications and 
services with little to no code.
This enabled Atlas to use OpenID Connect (OAUTH2) and allows integration with 
more services.

Signed-off-by: nixonrodrigues <ni...@apache.org>
(cherry picked from commit 645bc94e59969d08b81e7af7a5a2db78207ab3fe)


> Support OpenID Connect directly rather than through Knox
> --------------------------------------------------------
>
>                 Key: ATLAS-3153
>                 URL: https://issues.apache.org/jira/browse/ATLAS-3153
>             Project: Atlas
>          Issue Type: Improvement
>          Components:  atlas-core, atlas-webui
>    Affects Versions: 2.0.0
>            Reporter: Bolke de Bruin
>            Priority: Major
>              Labels: authentication, authorization
>             Fix For: 3.0.0
>
>         Attachments: 0001-ATLAS-3153-Add-keycloak-authentication.patch, 
> 0001-ATLAS-3153-Testcase-fix-due-to-Keycloak-authenticati.patch, 
> application.log, keycloak.json, openid_connect_atlas.md
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The current SSO implementation with Apache Knox is limiting SSO 
> interoperability to Apache Knox. Knox uses JWT verification which could 
> easily be extended to allow for direct OpenID Connect support and doesn't 
> require organizations to deploy Knox.
> Required changes:
>  * Pickup bearer token from headers
>  * Improve and standardize redirecting
>  * Optionally: obtain certificates from well_known uri
>  * Optionally: obtain user groups from userinfo endpoint rather than UGI



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to