[ https://issues.apache.org/jira/browse/KNOX-26?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Minder updated KNOX-26:
-----------------------------

    Description: 
From BUG-4305
During our discussions with customers they expressed requirements that the 
gateway and ultimately Hadoop proper accept externally generated authentication 
tokens. There are really two possible models here.
1. The gateway accepts external tokens (e.g. SAML, JWT, SWT), extracts the 
principal and passes that downstream via either pseudo auth mechanism or 
creation of hadoop.auth tokens.
2. The gateway is transparent and passes these external tokens through to the 
downstream services where they will perform the required verification. This 
model provides better security but will require changes to all downstream 
Hadoop services.

  was:
From BUG-4305
During our discussions with Microsoft's Azure team they expressed requirements 
that the gateway and ultimately Hadoop proper accept externally generated 
authentication tokens. There are really two possible models here.
1. The gateway accepts external tokens (e.g. SAML, JWT, SWT), extracts the 
principal and passes that downstream via either pseudo auth mechanism or 
creation of hadoop.auth tokens.
2. The gateway is transparent and passes these external tokens through to the 
downstream services where they will perform the required verification. This 
model provides better security but will require changes to all downstream 
Hadoop services.

    
> Support federation/SSO using external tokens
> --------------------------------------------
>
>                 Key: KNOX-26
>                 URL: https://issues.apache.org/jira/browse/KNOX-26
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>            Reporter: Kevin Minder
>
> From BUG-4305
> During our discussions with customers they expressed requirements that the 
> gateway and ultimately Hadoop proper accept externally generated 
> authentication tokens. There are really two possible models here.
> 1. The gateway accepts external tokens (e.g. SAML, JWT, SWT), extracts the 
> principal and passes that downstream via either pseudo auth mechanism or 
> creation of hadoop.auth tokens.
> 2. The gateway is transparent and passes these external tokens through to the 
> downstream services where they will perform the required verification. This 
> model provides better security but will require changes to all downstream 
> Hadoop services.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
