Wenzhe Zhou has posted comments on this change. ( http://gerrit.cloudera.org:8080/17435 )

Change subject: IMPALA-10489: Implement JWT support
......................................................................

Patch Set 8:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/17435/6/be/src/transport/THttpServer.cpp
File be/src/transport/THttpServer.cpp:

http://gerrit.cloudera.org:8080/#/c/17435/6/be/src/transport/THttpServer.cpp@286
PS6, Line 286:         resetAuthState();
             :         returnUnauthorized();
             :         throw TTransportException("HTTP auth failed.");
             :       }
             :     }
             :
             :     if (!authorized && use_jwt_token_ && !auth_value_.empty()
             :         && auth_value_.find('.') != string::npos) {
             :       // Check Authorization header with the Bearer authentication scheme as:
             :       // Authorization: Bearer <token>
             :       // A well-formed JWT consists of three concatenated Base64url-encoded strings,
             :       // se
> Thanks for capturing this case. SAML2 token is base64 encoded XML and shoul

Discussed with Vihang. SAML Bearer token is generated by Impala code after the SAML auth flow is completed. Technically we could generate a JWT instead of our current implementation of the token at the end of SAML flow. Since Impala supports multiple auth mechanisms in parallel, in theory we can have SAML and JWT configured simultaneously. So it's better to fall back to JWT verification after SAML verification fails.

--
To view, visit http://gerrit.cloudera.org:8080/17435
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I6b71fa854c9ddc8ca882878853395e1eb866143c
Gerrit-Change-Number: 17435
Gerrit-PatchSet: 8
Gerrit-Owner: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Reviewer: Andrew Sherman <asher...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <joemcdonn...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Sat, 22 May 2021 01:01:53 +0000
Gerrit-HasComments: Yes
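
The fallback order described in the comment above (SAML verification first, then JWT when both are configured), as an added example that is not part of the original review and is not Impala's THttpServer code. All names here (`AuthResult`, `Verifier`, `LooksLikeJwt`, `AuthenticateBearer`) are hypothetical, and the shape check is stricter than the single-dot test in the quoted lines: it requires three non-empty base64url segments.

```cpp
#include <functional>
#include <string>

// Hypothetical names throughout; this is not Impala's THttpServer code.
enum class AuthResult { kSaml, kJwt, kUnauthorized };

using Verifier = std::function<bool(const std::string&)>;

// True if `token` has the compact JWT shape: three non-empty segments of
// base64url characters separated by exactly two dots. Shape only; the
// signature and claims still have to be checked by the JWT verifier.
bool LooksLikeJwt(const std::string& token) {
  int dots = 0;
  std::size_t seg_len = 0;
  for (char c : token) {
    if (c == '.') {
      if (seg_len == 0) return false;  // empty segment
      ++dots;
      seg_len = 0;
    } else if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
               (c >= '0' && c <= '9') || c == '-' || c == '_') {
      ++seg_len;
    } else {
      return false;  // '+', '/', '=' are plain base64, not base64url
    }
  }
  return dots == 2 && seg_len > 0;  // also rejects an empty signature
}

// Tries SAML first when configured, then falls back to JWT. An empty
// Verifier means that mechanism is not configured. Every path that does
// not verify ends in kUnauthorized; nothing is accepted by default.
AuthResult AuthenticateBearer(const std::string& header_value,
                              const Verifier& verify_saml,
                              const Verifier& verify_jwt) {
  static const std::string kPrefix = "Bearer ";
  if (header_value.compare(0, kPrefix.size(), kPrefix) != 0) {
    return AuthResult::kUnauthorized;
  }
  const std::string token = header_value.substr(kPrefix.size());
  if (token.empty()) return AuthResult::kUnauthorized;
  if (verify_saml && verify_saml(token)) return AuthResult::kSaml;
  if (verify_jwt && LooksLikeJwt(token) && verify_jwt(token)) {
    return AuthResult::kJwt;
  }
  return AuthResult::kUnauthorized;
}
```

The shape check only routes the token to the JWT verifier; a token that passes it is still untrusted until `verify_jwt` has validated the signature and claims.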