Review Request 63030: RANGER-1839 - Add the ability to specify SSO token audiences

Colm O hEigeartaigh Mon, 16 Oct 2017 07:39:00 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63030/
-----------------------------------------------------------


Review request for ranger.


Bugs: RANGER-1839
    https://issues.apache.org/jira/browse/RANGER-1839


Repository: ranger


Description
-------

The KNOXSSO service can configure an audience parameter to restrict the 
audience of a given issued token. However, we can't enforce this check in 
Ranger. This task is to add a new configuration parameter 
"ranger.sso.audiences", which is a comma separated String of audiences, one of 
which must be contained (if specified) in the received token.


Diffs
-----

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 7cfe0be8 
  
security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
 7706d9bf 


Diff: https://reviews.apache.org/r/63030/diff/1/


Testing
-------

Tested that audience validation works correctly with KNOXSSO.


Thanks,

Colm O hEigeartaigh

Review Request 63030: RANGER-1839 - Add the ability to specify SSO token audiences

Reply via email to