[ https://issues.apache.org/jira/browse/KNOX-2020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16947934#comment-16947934 ]

Larry McCay commented on KNOX-2020:
-----------------------------------
[~sharad-oss] - thank you for the one-pager and explanations!

There are a few things that I don't quite like here:
# While you describe possible use cases and consumers, there is no concrete use case here that seems to be driving the need and implementation details, or a way for users to benefit from this as a new feature out of the box
# It is dependent on browsers and limited to SAML integration
# It would require application-level changes in order to consume this vehicle of credentials

The reliance on browsers here will make it challenging to have a consumer in
Knox, as there aren't many things that require a browser other than the proxying
of various UIs. I'm not sure what to suggest in terms of providing an
end-to-end feature.

Do you have any specific use case in mind that can be delivered along with it?

> Enhance hadoop-jwt cookie to interact with the AWS ecosystem
> ------------------------------------------------------------
>
> Key: KNOX-2020
> URL: https://issues.apache.org/jira/browse/KNOX-2020
> Project: Apache Knox
> Issue Type: New Feature
> Components: KnoxSSO, Server
> Reporter: Sharad K
> Priority: Major
> Attachments: AWS Federation in Knox.docx
>
> Time Spent: 6h 40m
> Remaining Estimate: 0h
>
> It's desirable to access AWS managed services while accessing resources using
> Apache Knox. AWS provides SAML for federation, and we could enhance the SAML
> login flow in Knox to interact with AWS, and enhance the hadoop-jwt cookie
> with AWS credentials. The cookie now gives the gateway to interact with other
> AWS services like S3, DDB, EC2 etc (as defined by the IDP admin in the AWS
> Role that gets injected in SAML assertion).