----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72024/#review224293 -----------------------------------------------------------
Ship it! Ship It! - Dhaval Shah On April 5, 2022, 12:24 p.m., Vishal Suvagia wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72024/ > ----------------------------------------------------------- > > (Updated April 5, 2022, 12:24 p.m.) > > > Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, > Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-2704 > https://issues.apache.org/jira/browse/RANGER-2704 > > > Repository: ranger > > > Description > ------- > > Need to support browser login using kerberos authentication. Added a logout > for an unauthenticated user to redirect to the login page. > > > Diffs > ----- > > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java > 223a991c76bae7d25f5ce89604d0a8a90d426fe5 > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java > abbf2d983beb30b59e5d3f6429d6fc226f735793 > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 0a1128613dca50fe67ea3f891261f1ee449c46db > > > Diff: https://reviews.apache.org/r/72024/diff/2/ > > > Testing > ------- > > Veriried kerberos ticket authentication is working on a kerberized browser. > > > Steps to test for a kerberized browser: > #1) For Kerberized browsers: > #1> To open Chrome in kerberos enabled mode need to run below command: > google-chrome --auth-server-whitelist="*ranger.testserver.com" > #2> For Firefox, need to go to about:configs and then search for > negotiate and then add the host domain > ranger.testserver.com to the property > "network.negotiate-auth.trusted-uris" > #2) Perform kinit with the required user. > #3) Open the Ranger Admin portal using FQDN of the server host. > > > Known Issue: If there is no valid kerberos ticket, user lands on a blank page > and a short hack is to either append locallogin to the URL or refresh the > browser tab to redirect to the login page. > P.S: this issue is not observed on Google Chrome browser > > > File Attachments > ---------------- > > RANGER-2704.patch > > https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch > RANGER-2704.02.patch > > https://reviews.apache.org/media/uploaded/files/2022/04/04/6e737bec-e640-4459-922c-353793172b12__RANGER-2704.02.patch > RANGER-2704.03.patch > > https://reviews.apache.org/media/uploaded/files/2022/04/05/31e52557-051e-40ba-bc34-5dc6418e06f8__RANGER-2704.03.patch > > > Thanks, > > Vishal Suvagia > >
