[
https://issues.apache.org/jira/browse/KNOX-3350?focusedWorklogId=1025233&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1025233
]
ASF GitHub Bot logged work on KNOX-3350:
----------------------------------------
Author: ASF GitHub Bot
Created on: 15/Jun/26 14:40
Start Date: 15/Jun/26 14:40
Worklog Time Spent: 10m
Work Description: smolnar82 commented on PR #1264:
URL: https://github.com/apache/knox/pull/1264#issuecomment-4709080260
@moresandeep - Thanks for your review; I replied back to the default value
above.
> Subject. For SSO groups are populated from SAML right? can you elaborate
> on how this will Subject groups are populated.
Nope. SAML is one way to authenticate. But we do support other authN
mechanisms, such as LDAP.
In case of LDAP, Knox needs to be configured with the `HadoopGroupProvider`
for group lookup. If that's configured, Knox will place `GroupPrincipal` items
in the current Subject during the request processing flow. Ultimately, we arrive at
the `KNOXSSO` service (`WebSSOResource` in the codebase), which is a
terminating service (i.e. non-proxying), but at this phase the Subject is
already decorated and we can read what groups were resolved by Knox.
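
The flow described in the comment above, as an added sketch that is not part of the comment or of the Knox code base: a group-lookup step decorates a JAAS `Subject`, and a terminating service later reads the groups back when building token claims. The `UserPrincipal` and `GroupPrincipal` records, the `groups` claim name and the `includeGroups` switch are hypothetical stand-ins.

```java
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class SubjectGroupsExample {
    // Hypothetical stand-ins for the user and group principal types (Java 16+ records).
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record GroupPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Assumed group-lookup step: adds one GroupPrincipal per resolved group.
    static void decorateWithGroups(Subject s, List<String> resolved) {
        for (String g : resolved) s.getPrincipals().add(new GroupPrincipal(g));
    }

    // What a terminating service can do: read groups back by principal type.
    static Set<String> groupsOf(Subject s) {
        Set<String> names = new TreeSet<>();
        for (GroupPrincipal g : s.getPrincipals(GroupPrincipal.class)) names.add(g.getName());
        return names;
    }

    // Builds token claims; "groups" and includeGroups are hypothetical names.
    static Map<String, Object> claimsFor(Subject s, boolean includeGroups) {
        Map<String, Object> claims = new LinkedHashMap<>();
        claims.put("sub", s.getPrincipals(UserPrincipal.class).iterator().next().getName());
        Set<String> groups = groupsOf(s);
        // Omit the claim entirely when disabled or when no lookup populated the Subject.
        if (includeGroups && !groups.isEmpty()) claims.put("groups", groups);
        return claims;
    }

    public static void main(String[] args) {
        Subject alice = new Subject();
        alice.getPrincipals().add(new UserPrincipal("alice")); // constructed sample user
        decorateWithGroups(alice, List.of("analysts", "admins")); // constructed sample groups
        Subject bob = new Subject(); // authenticated, but no group lookup configured
        bob.getPrincipals().add(new UserPrincipal("bob"));

        System.out.println(claimsFor(alice, true));
        System.out.println(claimsFor(alice, false));
        System.out.println(claimsFor(bob, true));
    }
}
```
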
Issue Time Tracking
-------------------
Worklog Id: (was: 1025233)
Time Spent: 50m (was: 40m)
> Allow group membership information to be included in issued KNOXSSO cookie
> --------------------------------------------------------------------------
>
> Key: KNOX-3350
> URL: https://issues.apache.org/jira/browse/KNOX-3350
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxSSO
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Sandor Molnar
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> KNOX-2731 added the ability to include group information (if available), in
> the generated JWTs by the {{KNOXTOKEN}} service.
> It'd be beneficial to decorate the `hadoop-jwt` SSO cookie with groups as
> well (in case it's configured).