-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72024/
-----------------------------------------------------------
(Updated Feb. 28, 2022, 7:35 p.m.)
Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj,
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan
Periasamy.
Bugs: RANGER-2704
https://issues.apache.org/jira/browse/RANGER-2704
Repository: ranger
Description
-------
Need to support browser login using kerberos authentication. Added a logout for
an unauthenticated user to redirect to the login page.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
223a991c76bae7d25f5ce89604d0a8a90d426fe5
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
abbf2d983beb30b59e5d3f6429d6fc226f735793
security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
0a1128613dca50fe67ea3f891261f1ee449c46db
Diff: https://reviews.apache.org/r/72024/diff/2/
Testing
-------
Veriried kerberos ticket authentication is working on a kerberized browser.
Steps to test for a kerberized browser:
#1) For Kerberized browsers:
#1> To open Chrome in kerberos enabled mode need to run below command:
google-chrome --auth-server-whitelist="*ranger.testserver.com"
#2> For Firefox, need to go to about:configs and then search for negotiate
and then add the host domain
ranger.testserver.com to the property
"network.negotiate-auth.trusted-uris"
#2) Perform kinit with the required user.
#3) Open the Ranger Admin portal using FQDN of the server host.
File Attachments
----------------
RANGER-2704.patch
https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch
Thanks,
Vishal Suvagia
