Subject: Re: Review Request 66509: RANGER-2060 : Knox proxy with knox-sso is not working for ranger
From: Qiang Zhang
To: bhavik patel, Mehul Parikh, Gautam Borad, Abhay Kulkarni, Velmurugan Periasamy, Pradeep Agrawal, Sailaja Polavarapu, Ankita Sinha, Madhan Neethiraj
Cc: ranger, Qiang Zhang, Vishal Suvagia
Date: Wed, 11 Apr 2018 01:19:27 -0000

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66509/#review200863
-----------------------------------------------------------

Ship it!

Ship It!

- Qiang Zhang


On April 9, 2018, 2:33 p.m., Vishal Suvagia wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66509/
> -----------------------------------------------------------
>
> (Updated April 9, 2018, 2:33 p.m.)
>
>
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2060
>     https://issues.apache.org/jira/browse/RANGER-2060
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Knox proxy with Knox-SSO is not working in a case when HA is enabled for both Ranger and Knox.
>
> If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and knox2.abc.com.
>
> If Ranger load-balancer URL is used in the knox topology for knox-proxy ui.xml, redirected url gets corrupted as:
> knoxha.abc.com:8443/gateway/....?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger
>
> Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for Ranger to login.
>
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java ec6d78d
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 22ba524
>
>
> Diff: https://reviews.apache.org/r/66509/diff/1/
>
>
> Testing
> -------
>
> Verified Knox-SSO and Knox-Proxy authentication to be working for Ranger-Admin in simple and kerberos enabled environments.
>
>
> Thanks,
>
> Vishal Suvagia
>
>
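The corrupted `originalUrl` quoted in the description has the shape of a comma-separated forwarded-host list (one entry per proxy hop) copied whole into a URL. The Java below is an added example, not code from the Ranger patch or from this thread; that the host comes from such a header is an assumption the message does not state, and the header value, the `TRUSTED_HOSTS` allowlist, the `<topology>` placeholder and all class and method names are hypothetical.

```java
import java.util.Set;

public class ForwardedHostExample {
    // Hypothetical allowlist: the public gateway address used in the message.
    static final Set<String> TRUSTED_HOSTS = Set.of("knoxha.abc.com:8443");

    // Naive: the raw header value goes straight into the URL, so a
    // two-entry list yields "https://hostA, hostB/..." (the space shows
    // up as %20 once the URL is carried in a query string).
    static String naiveOriginalUrl(String forwardedHost, String path) {
        return "https://" + forwardedHost + path;
    }

    // Defensive: keep only the first list entry (the host the client
    // addressed) and accept it only if it is an expected gateway host,
    // so a client-supplied header cannot steer the SSO redirect.
    static String safeOriginalUrl(String forwardedHost, String path) {
        if (forwardedHost == null) {
            throw new IllegalArgumentException("missing forwarded host");
        }
        int comma = forwardedHost.indexOf(',');
        String first = (comma < 0 ? forwardedHost
                                  : forwardedHost.substring(0, comma)).trim();
        if (!TRUSTED_HOSTS.contains(first)) {
            throw new IllegalArgumentException("unexpected forwarded host: " + first);
        }
        return "https://" + first + path;
    }

    public static void main(String[] args) {
        // Constructed sample: the value after the request has crossed the
        // Knox load balancer and one Knox node.
        String header = "knoxha.abc.com:8443, knox1.abc.com:8443";
        // Placeholder path; the topology name is elided in the message.
        String path = "/gateway/<topology>/ranger";

        System.out.println("naive: " + naiveOriginalUrl(header, path));
        System.out.println("safe:  " + safeOriginalUrl(header, path));
    }
}
```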