Hi Tien Dat PHAN - It is indeed a valid usecase and should work. If the documentation available in the user guide [1] is not working then we may have a bug in 1.5.0. There was a regression in OIDC support due to an upgraded dependency that was out of step with one of the others.
Please do let us know and provide the configuration that you are using for comparison. Thanks! --larry 1. http://knox.apache.org/books/knox-1-5-0/user-guide.html#Pac4j+Provider+-+CAS+/+OAuth+/+SAML+/+OpenID+Connect On Thu, Sep 9, 2021 at 5:17 AM Tien Dat PHAN <tphan....@gmail.com> wrote: > Dear experts, > > We are having an HDFS cluster which is secured with Kerberos. > We also have a CAS server which is used for basically most of our > authentication activities. > > We just wonder if with Apache Knox 1.5.0, is it possible to proxy the > webHDFS web UI of this HDFS cluster, with our CAS server as the > authenticator. > > We have been following the User guide, but so far, we did not succeed. > For your information, if we use the LDAP server as the authenticator, > instead of CAS server via Pac4J, it is working well. > > So we just wonder if 1) is it possible our use case? and 2) if it is > POSSIBLE, what could be the missing configuration we should add? (We can > share our topology configuration here if it can help) > > Best regards > Tien Dat PHAN >