-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66509/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu,
and Velmurugan Periasamy.
Bugs: RANGER-2060
https://issues.apache.org/jira/browse/RANGER-2060
Repository: ranger
Description
-------
Knox proxy with Knox-SSO is not working in a case when HA is enabled for both
Ranger and Knox.
If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as
ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on
knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and
knox2.abc.com.
If Ranger load-balancer URL is used in the knox topology for knox-proxy ui.xml,
redirected url gets corrupted as:
knoxha.abc.com:8443/gateway/....?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway/<topology>/ranger
Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for
Ranger to login.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
ec6d78d
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
22ba524
Diff: https://reviews.apache.org/r/66509/diff/1/
Testing
-------
Verified Knox-SSO and Knox-Proxy authentication to be working for Ranger-Admin
in simple and kerberos enabled environments.
Thanks,
Vishal Suvagia
