----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66509/ -----------------------------------------------------------
Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2060 https://issues.apache.org/jira/browse/RANGER-2060 Repository: ranger Description ------- Knox proxy with Knox-SSO is not working in a case when HA is enabled for both Ranger and Knox. If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and knox2.abc.com. If Ranger load-balancer URL is used in the knox topology for knox-proxy ui.xml, redirected url gets corrupted as: knoxha.abc.com:8443/gateway/....?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway/<topology>/ranger Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for Ranger to login. Diffs ----- security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java ec6d78d security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 22ba524 Diff: https://reviews.apache.org/r/66509/diff/1/ Testing ------- Verified Knox-SSO and Knox-Proxy authentication to be working for Ranger-Admin in simple and kerberos enabled environments. Thanks, Vishal Suvagia