[ 
https://issues.apache.org/jira/browse/ATLAS-3153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16864630#comment-16864630
 ] 

Bolke de Bruin commented on ATLAS-3153:
---------------------------------------

Ping [~saqeeb.shaikh136] ? I really need some more info in order to reproduce

> Support OpenID Connect directly rather than through Knox
> --------------------------------------------------------
>
>                 Key: ATLAS-3153
>                 URL: https://issues.apache.org/jira/browse/ATLAS-3153
>             Project: Atlas
>          Issue Type: Improvement
>          Components:  atlas-core, atlas-webui
>    Affects Versions: 2.0.0
>            Reporter: Bolke de Bruin
>            Priority: Major
>              Labels: authentication, authorization
>         Attachments: 0001-ATLAS-3153-Add-keycloak-authentication.patch, 
> application.log, keycloak.json, openid_connect_atlas.md
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The current SSO implementation with Apache Knox is limiting SSO 
> interoperability to Apache Knox. Knox uses JWT verification which could 
> easily be extended to allow for direct OpenID Connect support and doesn't 
> require organizations to deploy Knox.
> Required changes:
>  * Pickup bearer token from headers
>  * Improve and standardize redirecting
>  * Optionally: obtain certificates from well_known uri
>  * Optionally: obtain user groups from userinfo endpoint rather than UGI



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to