[ 
https://issues.apache.org/jira/browse/ATLAS-5315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

chaitali borole updated ATLAS-5315:
-----------------------------------
    Description: 
Issue:
((HttpServletResponse) servletResponse).sendRedirect("/login.jsp");
This needs to be redirected to the login page, i.e. login.jsp of Atlas, or the
login URL of an authentication module service such as IAM, KNOX or another IDP?

Approach:
Propose to have a config in Atlas properties to configure it.

JWT flow for reference:

3. AtlasJwtAuthWrapper
Runs JWT only when:
  - Knox off
  - trusted proxy off
  - not already authenticated
  - request has Authorization: Bearer … or JWT cookie (hadoop-jwt by default)
Otherwise → skip JWT, continue chain.

4. AtlasJwtAuthFilter
  - Reads JWT from header or cookie
  - Validates (JWKS URL / public key, expiry, audience)
  - If valid → set SecurityContext (sub = username, ROLE_USER)
  - If invalid → leave unauthenticated

5. Back in wrapper after JWT filter
  - If still unauthenticated and browser User-Agent → sendRedirect("/login.jsp")
  - Then always continues filterChain.doFilter(...)


  was:
Issue:
((HttpServletResponse) servletResponse).sendRedirect("/login.jsp");
This needs to be redirected to the login page, i.e. login.jsp of Atlas, or the
login URL of an authentication module service such as IAM, KNOX or another IDP?

Approach:
Propose to have a config in Atlas properties to configure it.


> Make redirected login page configurable in atlas
> ------------------------------------------------
>
>                 Key: ATLAS-5315
>                 URL: https://issues.apache.org/jira/browse/ATLAS-5315
>             Project: Atlas
>          Issue Type: Improvement
>          Components:  atlas-core
>    Affects Versions: 3.0.0
>            Reporter: chaitali borole
>            Priority: Major
>
> Issue:
> ((HttpServletResponse) servletResponse).sendRedirect("/login.jsp");
> This needs to be redirected to the login page, i.e. login.jsp of Atlas, or the
> login URL of an authentication module service such as IAM, KNOX or another IDP?
>
> Approach:
> Propose to have a config in Atlas properties to configure it.
>
> JWT flow for reference:
>
> 3. AtlasJwtAuthWrapper
> Runs JWT only when:
>   - Knox off
>   - trusted proxy off
>   - not already authenticated
>   - request has Authorization: Bearer … or JWT cookie (hadoop-jwt by default)
> Otherwise → skip JWT, continue chain.
>
> 4. AtlasJwtAuthFilter
>   - Reads JWT from header or cookie
>   - Validates (JWKS URL / public key, expiry, audience)
>   - If valid → set SecurityContext (sub = username, ROLE_USER)
>   - If invalid → leave unauthenticated
>
> 5. Back in wrapper after JWT filter
>   - If still unauthenticated and browser User-Agent → sendRedirect("/login.jsp")
>   - Then always continues filterChain.doFilter(...)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
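
One way the configurable redirect target proposed above could be resolved and validated, as an added example that is not part of the Jira message or of Atlas's code. The two property names and the sample host names are hypothetical; the policy assumed here is that only a local path or an https URL on an allowlisted IdP host is accepted, and anything else falls back to the current /login.jsp.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Properties;

public class LoginRedirectResolver {
    static final String DEFAULT_TARGET = "/login.jsp";   // the hard-coded value quoted in the issue
    // Hypothetical property names, not existing Atlas configuration keys.
    static final String URL_KEY   = "atlas.authentication.login.redirect.url";
    static final String HOSTS_KEY = "atlas.authentication.login.redirect.allowed.hosts";

    static String resolve(Properties props) {
        String raw = props.getProperty(URL_KEY, "").trim();
        if (raw.isEmpty() || raw.chars().anyMatch(c -> c < 0x20 || c == '\\')) {
            return DEFAULT_TARGET;                 // unset, or control chars / backslashes
        }
        if (raw.startsWith("/")) {                 // local page; "//host" is protocol-relative
            return raw.startsWith("//") ? DEFAULT_TARGET : raw;
        }
        List<String> allowed = Arrays.asList(props.getProperty(HOSTS_KEY, "")
                .trim().toLowerCase(Locale.ROOT).split("\\s*,\\s*"));
        try {
            URI uri = new URI(raw);
            String host = uri.getHost();
            boolean ok = "https".equalsIgnoreCase(uri.getScheme())
                    && uri.getUserInfo() == null   // no user:pass@ in front of the host
                    && host != null
                    && allowed.contains(host.toLowerCase(Locale.ROOT));
            return ok ? uri.toString() : DEFAULT_TARGET;
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;                 // unparsable value: keep the default
        }
    }

    public static void main(String[] args) {
        // Constructed sample configuration; host names are placeholders.
        Properties p = new Properties();
        p.setProperty(HOSTS_KEY, "idp.example.com, knox.example.com");
        String[] samples = {"", "/login.jsp", "https://idp.example.com/sso/login",
            "http://idp.example.com/sso/login", "//other.example.net/x", "https://other.example.net/login"};
        for (String s : samples) {
            p.setProperty(URL_KEY, s);
            System.out.println("'" + s + "' -> " + resolve(p));
        }
    }
}
```

A filter would resolve the value once at initialisation and pass it to sendRedirect(...); sendRedirect commits the response, so nothing further should be written to it after that call.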
