[ https://issues.apache.org/jira/browse/ATLAS-3153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16864630#comment-16864630 ]
Bolke de Bruin commented on ATLAS-3153: --------------------------------------- Ping [~saqeeb.shaikh136] ? I really need some more info in order to reproduce > Support OpenID Connect directly rather than through Knox > -------------------------------------------------------- > > Key: ATLAS-3153 > URL: https://issues.apache.org/jira/browse/ATLAS-3153 > Project: Atlas > Issue Type: Improvement > Components: atlas-core, atlas-webui > Affects Versions: 2.0.0 > Reporter: Bolke de Bruin > Priority: Major > Labels: authentication, authorization > Attachments: 0001-ATLAS-3153-Add-keycloak-authentication.patch, > application.log, keycloak.json, openid_connect_atlas.md > > Time Spent: 20m > Remaining Estimate: 0h > > The current SSO implementation with Apache Knox is limiting SSO > interoperability to Apache Knox. Knox uses JWT verification which could > easily be extended to allow for direct OpenID Connect support and doesn't > require organizations to deploy Knox. > Required changes: > * Pickup bearer token from headers > * Improve and standardize redirecting > * Optionally: obtain certificates from well_known uri > * Optionally: obtain user groups from userinfo endpoint rather than UGI -- This message was sent by Atlassian JIRA (v7.6.3#76005)