[
https://issues.apache.org/jira/browse/KNOX-2020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16936718#comment-16936718
]
Larry McCay commented on KNOX-2020:
-----------------------------------
[~sharad-oss] - this looks interesting!
I'd actually like to see a one-pager type doc that describes the use cases, the
design and security considerations.
One thing that I am concerned about is the inclusion of sensitive credentials
in the JWT based cookie.
The cookie from KnoxSSO is intended for browsers and generally represents the
authenticated user but doesn't include credentials.
It is essentially in clear text since the JWT is merely base64 encoded.
In terms of use cases, I'd like to understand the full flow including how/where
the credentials are actually used.
> Enhance hadoop-jwt cookie to interact with the AWS ecosystem
> ------------------------------------------------------------
>
> Key: KNOX-2020
> URL: https://issues.apache.org/jira/browse/KNOX-2020
> Project: Apache Knox
> Issue Type: New Feature
> Components: KnoxSSO, Server
> Reporter: Sharad
> Priority: Major
> Time Spent: 3h 40m
> Remaining Estimate: 0h
>
> It's desirable to access AWS managed services while accessing resources using
> Apache Knox. AWS provides SAML for federation, and we could enhance the SAML
> login flow in Knox to interact with AWS, and enhance the hadoop-jwt cookie
> with AWS credentials. The cookie now gives the gateway to interact with other
> AWS services like S3, DDB, EC2 etc (as defined by the IDP admin in the AWS
> Role that gets injected in SAML assertion).
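The concern in the comment above, that a signed JWT cookie is only base64 encoded and so readable by anyone who holds it, shown as an added example (not code from Knox or from the issue's patch). The claim names, the placeholder values, the `SENSITIVE_HINTS` list and the use of HS256 (chosen to stay within the standard library) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact JWS (header.payload.signature) with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part).encode()) for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def read_claims_without_key(token: str) -> dict:
    """Decode the payload segment. The signature protects integrity only,
    so no key is needed to read the claims."""
    _header, payload, _signature = token.split(".")
    return json.loads(b64url_decode(payload))

# Hypothetical name fragments that suggest a claim carries a credential.
SENSITIVE_HINTS = ("secret", "password", "credential", "session_token", "access_key")

def credential_like_claims(token: str) -> list:
    """Heuristic audit: names of claims that look like credentials."""
    claims = read_claims_without_key(token)
    return sorted(name for name in claims
                  if any(hint in name.lower() for hint in SENSITIVE_HINTS))

# Constructed sample data: an identity-only cookie and one carrying
# placeholder cloud credentials (claim names are assumptions).
SIGNING_KEY = b"constructed-demo-key"
IDENTITY_ONLY = sign_hs256(
    {"sub": "alice", "iss": "KNOXSSO", "exp": 1700000000}, SIGNING_KEY)
WITH_CREDS = sign_hs256(
    {"sub": "alice", "iss": "KNOXSSO", "exp": 1700000000,
     "aws_access_key_id": "PLACEHOLDER_KEY_ID",
     "aws_secret_access_key": "PLACEHOLDER_SECRET",
     "aws_session_token": "PLACEHOLDER_TOKEN"}, SIGNING_KEY)

if __name__ == "__main__":
    print("identity-only cookie:", credential_like_claims(IDENTITY_ONLY))
    print("cookie with credentials:", credential_like_claims(WITH_CREDS))
    print("readable without the key:", read_claims_without_key(WITH_CREDS))
```

A check like `credential_like_claims` can run in an integration test against cookies a gateway issues, failing the build when a credential-like claim appears in a signed-only token.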