atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nixon Rodrigues <nixon.rodrig...@freestoneinfotech.com>
Subject Re: Review Request 68363: ATLAS-2824 :- Atlas to support Trusted Knox Proxy
Date Tue, 13 Nov 2018 19:51:21 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68363/
-----------------------------------------------------------

(Updated Nov. 13, 2018, 7:51 p.m.)


Review request for atlas, Apoorv Naik, Ashutosh Mestry, Larry McCay, Madhan Neethiraj, and
Sarath Subramanian.


Changes
-------

This patch updates changes in SSLKerberosTest testcases and also added property to turn doAs
on/off for trusted proxy. 
atlas.authentication.method.trustedproxy=true/false

https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/805/console


Bugs: ATLAS-2824
    https://issues.apache.org/jira/browse/ATLAS-2824


Repository: atlas


Description
-------

This patch includes code to support request from knox proxy, where the proxy is already known
and trusted to Atlas via configuration. Atlas intercepts the incoming requests and if it from
knox proxy. Atlas allow the knox's doAs user to create session in Atlas. 

Configs required:-

atlas.authentication.allow.trustedproxy :- property allow trusted proxy support
atlas.proxyuser.knox.hosts :- property to add trusted hosts
atlas.proxyuser.knox.users :- property to add trusted users
atlas.proxyuser.knox.groups :- property to add trusted groups


Diffs (updated)
-----

  webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java e5c40d061

  webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java 21d4f8526

  webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java 49d56b20c 


Diff: https://reviews.apache.org/r/68363/diff/7/

Changes: https://reviews.apache.org/r/68363/diff/6-7/


Testing
-------

Tested 

* Atlas UI from  Trusted Knox Proxy with Knox SSO loginpage.
* Atlas UI from  Knox Proxy with Atlas Login.
* Atlas UI from  Knox Proxy with SSO Filter enabled at Atlas.
* Atlas UI with Atlas Login.
* Atlas api from curl with BASIS & Kerberos headers


https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/573/console

Topology Used:-


<topology>
  <gateway>
????????<provider>
????????????<role>federation</role>
????????????<name>SSOCookieProvider</name>
????????????<enabled>true</enabled>
????????????<param>
????????????????<name>sso.authentication.provider.url</name>
????????????????<value>{KNOXHOST}/gateway/knoxsso/knoxauth/login.html</value>
????????????</param>
????????</provider>
????????<provider>
????????????<role>identity-assertion</role>
????????????<name>Default</name>
????????????<enabled>true</enabled>
????????</provider>
  </gateway>
  <service>
      <role>ATLAS</role>
      <url>{ATLAS_HOST}:21000/</url>
  </service>
  <service>
      <role>ATLAS-API</role>
      <url>{ATLAS_HOST}:21000</url>
  </service>
</topology>


Thanks,

Nixon Rodrigues


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message