falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "kenneth ho (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FALCON-1026) Falcon UI to participate in SSO provided by Knox
Date Sun, 15 Feb 2015 21:03:11 GMT
kenneth ho created FALCON-1026:

             Summary: Falcon UI to participate in SSO provided by Knox
                 Key: FALCON-1026
                 URL: https://issues.apache.org/jira/browse/FALCON-1026
             Project: Falcon
          Issue Type: Bug
    Affects Versions: 0.6
            Reporter: kenneth ho
             Fix For: 0.6

Knox will provide SSO to Hadoop's Web UI. So once the user is authenticated to one Hadoop
Console (e.g Ambari Server or NN UI etc), navigating to another Web UI (DN UI or Falcon UI)
will not require the user to re-authenticate and their identity from authentication against
the first UI will be propagated to the second UI.
In terms of Requirement
Knox will provide SSO server as a Knox feature
Knox server will provide Login Page
Knox team will provide authentication filter that will be a servlet filter
Component's team will insert/package authentication filter with the component.
Component Team will provide a logout link on their pages, the link will re-direct to Knox
server SSO for logout scenario.
The benefit of this feature:
1. SSO between Hadoop's Web UI - End user will need to authentication only once & his
identity is propagated between consoles
2. Knox will provide authentication based on various modern Authentication scheme such as
SAML(Dal), OAuth (Future), Multi-Factor Authentication, and component teams get these integration
with out any extra work needed.

What mechanisms are available in NameNode to handle browser identity? If spnego is it, how
would someone pass identity with that on a click? Any plans (or is there current support)
for OAuth?
Also assume that Ambari is wired-up to external LDAP to authentication so the user authenticated
in ambari is an LDAP user and that the identity is in LDAP."

This message was sent by Atlassian JIRA

View raw message