[jira] [Assigned] (IMPALA-13687) Support providing a cookie secret file for validation

Tue, 03 Jun 2025 14:32:04 -0700 


     [ 
https://issues.apache.org/jira/browse/IMPALA-13687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Smith reassigned IMPALA-13687:
--------------------------------------

    Assignee: Michael Smith

> Support providing a cookie secret file for validation
> -----------------------------------------------------
>
>                 Key: IMPALA-13687
>                 URL: https://issues.apache.org/jira/browse/IMPALA-13687
>             Project: IMPALA
>          Issue Type: Improvement
>          Components: Security
>            Reporter: Michael Smith
>            Assignee: Michael Smith
>            Priority: Major
>
> Support providing a cookie secret file for cookie HMAC validation rather than 
> generating it during startup. This allows multiple coordinators - situated 
> behind a load balancer - to generate cookies that will be trusted by other 
> coordinators.
> This is beneficial when a tool - such as the Simba ODBC driver - caches 
> Cookie headers for re-use across multiple connections. A single 
> connection/session will be routed to the same coordinator for all 
> communication, but a later connection may route to a different coordinator. 
> When it tries to re-use the cached cookie, that cookie will currently be 
> considered invalid and require the user to re-authenticate. When using SAML - 
> which requires direct user interaction - and a tool that initiates many 
> connections - such as Excel with ODBC integration - this results in constant 
> requests to re-authenticate, making the workflow unusable.
> Modify Impala to accept a {{cookie_secret_file}} parameter. The contents of 
> the file should be read as a byte array, and used to initialize 
> AuthenticationHash of both Webserver and SecureAuthProvider classes, so that 
> cookies used for Web UI interaction and Thrift client connections can be 
> shared across coordinators.
> Implement automatic reloading of the file contents with 
> [inotify|https://man7.org/linux/man-pages/man7/inotify.7.html] in a 
> monitoring thread.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org

Reply via email to