hadoop-common-issues mailing list archives

From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-12481) JWTRedirectAuthenticationHandler doesn't Retain Original Query String
Date Thu, 15 Oct 2015 16:43:05 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-12481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay updated HADOOP-12481:
---------------------------------
    Description: 
An originally requested URL that contains a query string gets translated into an originalURL
query parameter without the original query string.
This can cause the redirect back to the requested resource to be invalid.



  was:
Extend AltKerberosAuthenticationHandler to provide WebSSO flow for UIs.

The actual authentication is done by some external service that the handler will redirect
to when there is no hadoop.auth cookie and no JWT token found in the incoming request.

Using JWT provides a number of benefits:

* It is not tied to any specific authentication mechanism - so buys us many SSO integrations
* It is cryptographically verifiable for determining whether it can be trusted
* Checking for expiration allows for a limited lifetime and window for compromised use

This will introduce the use of nimbus-jose-jwt library for processing, validating and parsing
JWT tokens.




> JWTRedirectAuthenticationHandler doesn't Retain Original Query String
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-12481
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12481
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 2.8.0
>
>
> An originally requested URL that contains a query string gets translated into an originalURL query parameter without the original query string.
> This can cause the redirect back to the requested resource to be invalid.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
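
The behaviour described in the issue, next to a version that retains the query string, as an added example that is not part of the original message and is not Hadoop's code. It assumes the two inputs correspond to the servlet API's getRequestURL() (no query string) and getQueryString() (may be null); the provider URL and sample request are constructed, and percent-encoding the parameter value is this example's own choice.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added illustration, not Hadoop code. Needs Java 10+ for the Charset overloads.
public class OriginalUrlExample {
    // Constructed provider URL; parameter name as written in the issue text.
    static final String PROVIDER_URL = "https://sso.example.com/websso";
    static final String PARAM = "originalURL";

    // Behaviour the issue describes: the query string is left behind.
    static String loginUrlDroppingQuery(String requestUrl, String queryString) {
        return PROVIDER_URL + "?" + PARAM + "=" + enc(requestUrl);
    }

    // Re-attach the query string before building the redirect.
    static String loginUrlRetainingQuery(String requestUrl, String queryString) {
        String original = (queryString == null || queryString.isEmpty())
                ? requestUrl
                : requestUrl + "?" + queryString;
        return PROVIDER_URL + "?" + PARAM + "=" + enc(original);
    }

    // Percent-encode so the original URL's own '&' and '=' stay inside the value.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // What the SSO provider would read back from the parameter.
    static String originalUrlSeenByProvider(String loginUrl) {
        String query = loginUrl.substring(loginUrl.indexOf('?') + 1);
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).equals(PARAM)) {
                return URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        String requestUrl = "https://rm.example.com:8090/cluster/apps"; // constructed
        String queryString = "state=RUNNING&user=alice";                // constructed
        String before = loginUrlDroppingQuery(requestUrl, queryString);
        String after = loginUrlRetainingQuery(requestUrl, queryString);
        System.out.println("dropped : " + originalUrlSeenByProvider(before));
        System.out.println("retained: " + originalUrlSeenByProvider(after));
    }
}
```

Without the encoding step, everything after the first `&` of the original query string would be parsed as separate parameters of the login URL rather than as part of the originalURL value.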
