himanshug commented on issue #9569: SSO support in Druid URL: https://github.com/apache/druid/issues/9569#issuecomment-609980322 > Plain LDAP auth demand user to enter ldap credentials whenever Druid endpoints are accessed. But the requirement is to authenticate user without entering credentials. For eg, if a user is already logged in to windows machine using LDAP, he should be able to access Druid endpoints with the current active session. @jon-wei I think above is because `druid-basic-security` extension doesn't manage a session with browser via cookies , `druid-pac4j` does that. To enable LDAP SSO... 1. in `druid-basic-security` , we could add cookie handling in there. 2. or add ldap support in `druid-pac4j` which would be easy as pac4j lib does support BASIC auth and LDAP . (see http://www.pac4j.org/docs/index.html ) downside to doing (2) is that we will have ldap in two different extensions then and that might confuse users, so I would favor (1) as that would add SSO for other auth mechanisms present in `druid-basic-security` ext as well, what do you think ?
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
