[ https://issues.apache.org/jira/browse/KNOX-1119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16267919#comment-16267919 ]
Larry McCay commented on KNOX-1119:
-----------------------------------

I've reviewed this patch and had to recreate it since it wasn't created from the root.
I am in the process of trying to add a test for it but will hopefully have it committed in the next day or so.

> Pac4J OAuth/OpenID Principal Needs to be Configurable
> -----------------------------------------------------
>
>                 Key: KNOX-1119
>                 URL: https://issues.apache.org/jira/browse/KNOX-1119
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxSSO
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Blocker
>             Fix For: 0.14.0
>
>         Attachments: Add_configurable_id_attribute_to_pac4j_filter_.patch
>
>
> Currently, the Pac4JIdentityAdapter blindly accepts the subject of the returned UserProfile which isn't directly usable in the Hadoop operating environment. We need to be able to resolve it to an actual username.
> It seems that we could take two different approaches for this.
> 1. Add a param to the pac4j provider to indicate the UserProfile attribute to use as the PrimaryPrincipal
> 2. Add a new identity assertion provider that can decrypt the pac4jUserProfile cookie and extract the configured attribute.
> I lean towards #1 above so that identity assertion providers could be used to munge the extracted attribute in interesting ways.
> There was some discussion of this [1] back in 0.8.0 and we never really circled back to it.
> [~jleleu] - Am I missing anything that is already in place for this?
> 1. http://mail-archives.apache.org/mod_mbox/knox-dev/201601.mbox/%3CCACRbFyitvZ72-oqu2triGmn%3DKhB8JE0pFONyFim63RKS4gZp0A%40mail.gmail.com%3E