----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63030/ -----------------------------------------------------------
Review request for ranger. Bugs: RANGER-1839 https://issues.apache.org/jira/browse/RANGER-1839 Repository: ranger Description ------- The KNOXSSO service can configure an audience parameter to restrict the audience of a given issued token. However, we can't enforce this check in Ranger. This task is to add a new configuration parameter "ranger.sso.audiences", which is a comma separated String of audiences, one of which must be contained (if specified) in the received token. Diffs ----- security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 7cfe0be8 security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java 7706d9bf Diff: https://reviews.apache.org/r/63030/diff/1/ Testing ------- Tested that audience validation works correctly with KNOXSSO. Thanks, Colm O hEigeartaigh