Author: lmccay Date: Wed Sep 17 15:19:47 2014 New Revision: 1625630 URL: http://svn.apache.org/r1625630 Log: Changed the name of the identity assertion provider to Default in book 0.5.0
Modified: knox/site/books/knox-0-4-0/deployment-overview.png knox/site/books/knox-0-4-0/deployment-provider.png knox/site/books/knox-0-4-0/deployment-service.png knox/site/books/knox-0-4-0/runtime-overview.png knox/site/books/knox-0-4-0/runtime-request-processing.png knox/site/books/knox-0-5-0/knox-0-5-0.html knox/site/index.html knox/site/issue-tracking.html knox/site/license.html knox/site/mail-lists.html knox/site/project-info.html knox/site/team-list.html knox/trunk/books/0.5.0/admin_api.md knox/trunk/books/0.5.0/config_authz.md knox/trunk/books/0.5.0/config_id_assertion.md Modified: knox/site/books/knox-0-4-0/deployment-overview.png URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/deployment-overview.png?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== Binary files - no diff available. Modified: knox/site/books/knox-0-4-0/deployment-provider.png URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/deployment-provider.png?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== Binary files - no diff available. Modified: knox/site/books/knox-0-4-0/deployment-service.png URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/deployment-service.png?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== Binary files - no diff available. Modified: knox/site/books/knox-0-4-0/runtime-overview.png URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/runtime-overview.png?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== Binary files - no diff available. Modified: knox/site/books/knox-0-4-0/runtime-request-processing.png URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/runtime-request-processing.png?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== Binary files - no diff available. Modified: knox/site/books/knox-0-5-0/knox-0-5-0.html URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-5-0/knox-0-5-0.html?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/site/books/knox-0-5-0/knox-0-5-0.html (original) +++ knox/site/books/knox-0-5-0/knox-0-5-0.html Wed Sep 17 15:19:47 2014 @@ -566,7 +566,7 @@ ip-10-39-107-209.ec2.internal "role": "authorization" }, { "enabled": true, - "name": "Pseudo", + "name": "Default", "params": {}, "role": "identity-assertion" }, { @@ -771,16 +771,16 @@ ldapRealm.userDnTemplate=uid={0},ou=peop <li>determine whether it matches any principal mapping rules and apply them appropriately</li> <li>determine whether it matches any group principal mapping rules and apply them</li> <li>if it is determined that the principal will be impersonating another through a principal mapping rule then a Subject.doAS is required in order for providers farther downstream can determine the appropriate effective principal name and groups for the user</li> -</ol><p>The following configuration is required for asserting the users identity to the Hadoop cluster using Pseudo or Simple “authentication”.</p> +</ol><p>The following configuration is required for asserting the users identity to the Hadoop cluster using Pseudo or Simple “authentication” and for using kerberos/SPNEGO for secure clusters.</p> <pre><code><provider> <role>identity-assertion</role> - <name>Pseudo</name> + <name>Default</name> <enabled>true</enabled> </provider> -</code></pre><p>This particular configuration indicates that the Pseudo identity assertion provider is enabled and that there are no principal mapping rules to apply to identities flowing from the authentication in the gateway to the backend Hadoop cluster services. The primary principal of the current subject will therefore be asserted via a query paramter or as a form parameter - ie. ?user.name={primaryPrincipal}</p> +</code></pre><p>This particular configuration indicates that the Default identity assertion provider is enabled and that there are no principal mapping rules to apply to identities flowing from the authentication in the gateway to the backend Hadoop cluster services. The primary principal of the current subject will therefore be asserted via a query paramter or as a form parameter - ie. ?user.name={primaryPrincipal}</p> <pre><code><provider> <role>identity-assertion</role> - <name>Pseudo</name> + <name>Default</name> <enabled>true</enabled> <param> <name>principal.mapping</name> @@ -988,7 +988,7 @@ ldapRealm.userDnTemplate=uid={0},ou=peop </provider> <provider> <role>identity-assertion</role> - <name>Pseudo</name> + <name>Default</name> <enabled>true</enabled> <param> <name>principal.mapping</name> Modified: knox/site/index.html URL: http://svn.apache.org/viewvc/knox/site/index.html?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/site/index.html (original) +++ knox/site/index.html Wed Sep 17 15:19:47 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-10 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-17 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20140910" /> + <meta name="Date-Revision-yyyymmdd" content="20140917" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-09-10</span> + | <span id="publishDate">Last Published: 2014-09-17</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/issue-tracking.html URL: http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/site/issue-tracking.html (original) +++ knox/site/issue-tracking.html Wed Sep 17 15:19:47 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-10 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-17 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20140910" /> + <meta name="Date-Revision-yyyymmdd" content="20140917" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-09-10</span> + | <span id="publishDate">Last Published: 2014-09-17</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/license.html URL: http://svn.apache.org/viewvc/knox/site/license.html?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/site/license.html (original) +++ knox/site/license.html Wed Sep 17 15:19:47 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-10 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-17 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20140910" /> + <meta name="Date-Revision-yyyymmdd" content="20140917" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-09-10</span> + | <span id="publishDate">Last Published: 2014-09-17</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/mail-lists.html URL: http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/site/mail-lists.html (original) +++ knox/site/mail-lists.html Wed Sep 17 15:19:47 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-10 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-17 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20140910" /> + <meta name="Date-Revision-yyyymmdd" content="20140917" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-09-10</span> + | <span id="publishDate">Last Published: 2014-09-17</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/project-info.html URL: http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/site/project-info.html (original) +++ knox/site/project-info.html Wed Sep 17 15:19:47 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-10 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-17 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20140910" /> + <meta name="Date-Revision-yyyymmdd" content="20140917" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-09-10</span> + | <span id="publishDate">Last Published: 2014-09-17</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/team-list.html URL: http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/site/team-list.html (original) +++ knox/site/team-list.html Wed Sep 17 15:19:47 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-10 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-09-17 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20140910" /> + <meta name="Date-Revision-yyyymmdd" content="20140917" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-09-10</span> + | <span id="publishDate">Last Published: 2014-09-17</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/trunk/books/0.5.0/admin_api.md URL: http://svn.apache.org/viewvc/knox/trunk/books/0.5.0/admin_api.md?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/trunk/books/0.5.0/admin_api.md (original) +++ knox/trunk/books/0.5.0/admin_api.md Wed Sep 17 15:19:47 2014 @@ -133,7 +133,7 @@ Calls to Knox and return a JSON object t "role": "authorization" }, { "enabled": true, - "name": "Pseudo", + "name": "Default", "params": {}, "role": "identity-assertion" }, { Modified: knox/trunk/books/0.5.0/config_authz.md URL: http://svn.apache.org/viewvc/knox/trunk/books/0.5.0/config_authz.md?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/trunk/books/0.5.0/config_authz.md (original) +++ knox/trunk/books/0.5.0/config_authz.md Wed Sep 17 15:19:47 2014 @@ -274,7 +274,7 @@ An example of a full topology that illus </provider> <provider> <role>identity-assertion</role> - <name>Pseudo</name> + <name>Default</name> <enabled>true</enabled> <param> <name>principal.mapping</name> Modified: knox/trunk/books/0.5.0/config_id_assertion.md URL: http://svn.apache.org/viewvc/knox/trunk/books/0.5.0/config_id_assertion.md?rev=1625630&r1=1625629&r2=1625630&view=diff ============================================================================== --- knox/trunk/books/0.5.0/config_id_assertion.md (original) +++ knox/trunk/books/0.5.0/config_id_assertion.md Wed Sep 17 15:19:47 2014 @@ -24,19 +24,19 @@ The general responsibilities of the iden 2. determine whether it matches any group principal mapping rules and apply them 3. if it is determined that the principal will be impersonating another through a principal mapping rule then a Subject.doAS is required in order for providers farther downstream can determine the appropriate effective principal name and groups for the user -The following configuration is required for asserting the users identity to the Hadoop cluster using Pseudo or Simple "authentication". +The following configuration is required for asserting the users identity to the Hadoop cluster using Pseudo or Simple "authentication" and for using kerberos/SPNEGO for secure clusters. <provider> <role>identity-assertion</role> - <name>Pseudo</name> + <name>Default</name> <enabled>true</enabled> </provider> -This particular configuration indicates that the Pseudo identity assertion provider is enabled and that there are no principal mapping rules to apply to identities flowing from the authentication in the gateway to the backend Hadoop cluster services. The primary principal of the current subject will therefore be asserted via a query paramter or as a form parameter - ie. ?user.name={primaryPrincipal} +This particular configuration indicates that the Default identity assertion provider is enabled and that there are no principal mapping rules to apply to identities flowing from the authentication in the gateway to the backend Hadoop cluster services. The primary principal of the current subject will therefore be asserted via a query paramter or as a form parameter - ie. ?user.name={primaryPrincipal} <provider> <role>identity-assertion</role> - <name>Pseudo</name> + <name>Default</name> <enabled>true</enabled> <param> <name>principal.mapping</name>