----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63030/#review188177 -----------------------------------------------------------
Ship it! Ship It! - Alejandro Fernandez On Oct. 16, 2017, 2:38 p.m., Colm O hEigeartaigh wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63030/ > ----------------------------------------------------------- > > (Updated Oct. 16, 2017, 2:38 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1839 > https://issues.apache.org/jira/browse/RANGER-1839 > > > Repository: ranger > > > Description > ------- > > The KNOXSSO service can configure an audience parameter to restrict the > audience of a given issued token. However, we can't enforce this check in > Ranger. This task is to add a new configuration parameter > "ranger.sso.audiences", which is a comma separated String of audiences, one > of which must be contained (if specified) in the received token. > > > Diffs > ----- > > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java > 7cfe0be8 > > security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java > 7706d9bf > > > Diff: https://reviews.apache.org/r/63030/diff/1/ > > > Testing > ------- > > Tested that audience validation works correctly with KNOXSSO. > > > Thanks, > > Colm O hEigeartaigh > >
