Date: Wed, 1 May 2013 17:42:17 +0000 (UTC)
From: "Larry McCay (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Created] (HADOOP-9535) HSSO Server - IDP/SP Authentication Endpoint Deployment

Larry McCay created HADOOP-9535:
-----------------------------------

             Summary: HSSO Server - IDP/SP Authentication Endpoint Deployment
                 Key: HADOOP-9535
                 URL: https://issues.apache.org/jira/browse/HADOOP-9535
             Project: Hadoop Common
          Issue Type: Sub-task
          Components: security
            Reporter: Larry McCay

This effort will result in an embedded Jetty-based server that deploys endpoints for the authentication or federation of entities.

It will leverage common facilities for authentication and federation providers within servlet filters, which allow composability of various provider types to satisfy various token and authentication processing requirements.

For instance: in order for a client application to authenticate using BASIC credentials and receive a token that will allow access to HDFS, we may need to provide an endpoint comprised of an authentication provider and a token generation provider:

1. BASIC->LDAP Authentication Provider
2. Access Token Generation Provider

This allows a user to authenticate to the HSSO service endpoint with a simple username/password using HTTP BASIC and leverage a simple username bind to an LDAP server for authentication. It then uses the resulting normalized java.security.Subject to generate an access token for the user to pass along with subsequent requests to other Hadoop services. Hadoop services only need to verify the token validity and trust of the issuer - HSSO service - in order to authenticate access to their protected resources.

This task is dependent on common authentication provider frameworks and will need to ensure compatibility and the composability described in this task.
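The composed endpoint described in the message above (a BASIC->LDAP authentication provider feeding a token generation provider, with a service then verifying the token and its issuer), as an added example that is not HSSO code and not part of the original message. The in-memory DIRECTORY standing in for the LDAP bind, the shared HMAC key standing in for issuer trust, the token layout, and every class, method and value name are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;

public class HssoEndpointExample {
    static final String ISSUER = "hsso.example.test";                        // constructed issuer name
    static final byte[] KEY = utf8("demo-key-not-for-production");           // stand-in for issuer trust
    static final Map<String, String> DIRECTORY = Map.of("alice", "s3cret");  // stand-in for the LDAP bind
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    // Provider 1 (BASIC->LDAP): Authorization header -> authenticated Subject.
    static Subject basicAuth(String header) {
        if (header == null || !header.startsWith("Basic ")) throw new SecurityException("BASIC required");
        String[] cred = new String(Base64.getDecoder().decode(header.substring(6)), StandardCharsets.UTF_8).split(":", 2);
        String expected = cred.length == 2 ? DIRECTORY.get(cred[0]) : null;  // unknown user -> null, never ""
        if (expected == null || !MessageDigest.isEqual(utf8(cred[1]), utf8(expected))) throw new SecurityException("bind failed");
        Subject subject = new Subject();
        subject.getPrincipals().add(() -> cred[0]);   // Principal whose getName() is the user
        return subject;
    }

    // Provider 2: Subject -> access token "issuer|user|expiryMillis|mac" (layout is an assumption).
    static String issueToken(Subject s) throws Exception {
        String body = ISSUER + "|" + s.getPrincipals().iterator().next().getName() + "|" + (System.currentTimeMillis() + 300_000);
        return body + "|" + hmac(body);
    }
    static String hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal(utf8(data)));
    }

    // What a Hadoop service does with the token: check integrity, then issuer, then expiry.
    static String verify(String token) throws Exception {
        int cut = token.lastIndexOf('|');
        String body = token.substring(0, Math.max(cut, 0));
        if (!MessageDigest.isEqual(utf8(hmac(body)), utf8(token.substring(cut + 1)))) throw new SecurityException("bad signature");
        String[] f = body.split("\\|");
        if (f.length != 3 || !f[0].equals(ISSUER)) throw new SecurityException("untrusted issuer");
        if (Long.parseLong(f[2]) < System.currentTimeMillis()) throw new SecurityException("expired");
        return f[1];
    }

    public static void main(String[] args) throws Exception {
        String header = "Basic " + Base64.getEncoder().encodeToString(utf8("alice:s3cret"));
        String token = issueToken(basicAuth(header));          // the two providers composed into one endpoint
        System.out.println("service accepts token for " + verify(token));
        try { verify(token.replace("|alice|", "|admin|")); } catch (SecurityException e) { System.out.println("tampered token: " + e.getMessage()); }
    }
}
```

The service side never sees the password or the directory: it needs only the issuer's trust material and the token, which is the property the issue description relies on.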