Larry McCay created HADOOP-9535:
-----------------------------------

             Summary: HSSO Server - IDP/SP Authentication Endpoint Deployment
                 Key: HADOOP-9535
                 URL: https://issues.apache.org/jira/browse/HADOOP-9535
             Project: Hadoop Common
          Issue Type: Sub-task
          Components: security
            Reporter: Larry McCay


This effort will result in an embedded Jetty-based server that deploys 
endpoints for the authentication or federation of entities.

It will leverage common facilities for authentication and federation providers 
within servlet filters which allow composability of various provider types to 
satisfy various token and authentication processing requirements.

For instance:

In order for a client application to authenticate using BASIC credentials and 
receive a token that will allow access to HDFS, we may need to provide an 
endpoint composed of an authentication provider and a token generation 
provider:

1. BASIC->LDAP Authentication Provider
2. Access Token Generation Provider

This allows a user to authenticate to the HSSO service endpoint with a simple 
username/password using HTTP BASIC and leverage a simple username bind to an 
LDAP server for authentication. It then uses the resulting normalized 
java.security.Subject to generate an access token for the user to pass along 
with subsequent requests to other Hadoop services.

Hadoop services only need to verify the token validity and trust of the issuer 
- HSSO service - in order to authenticate access to their protected resources.

This task is dependent on common authentication provider frameworks and will 
need to ensure compatibility and the composability described in this task.
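
The two-provider flow described above, as an added sketch that is not code from the issue or from HSSO. Assumptions: an in-memory dict stands in for the LDAP bind, a plain dict stands in for the normalized java.security.Subject, and the token format (an HMAC-SHA256 over "user|expiry" with a key shared between issuer and service) is invented here because the issue does not define one.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample data: stand-ins for the LDAP directory and the issuer's key.
DIRECTORY = {"alice": "s3cret"}
ISSUER_KEY = b"demo-only-issuer-key"

def authenticate_basic(header):
    """Provider 1: BASIC -> (stubbed) LDAP bind. Returns a subject dict or None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        creds = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    user, sep, password = creds.partition(":")
    expected = DIRECTORY.get(user)
    if not sep or expected is None:
        return None
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return {"principal": user}  # stands in for the normalized Subject

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject, ttl_seconds, now=None):
    """Provider 2: token = b64url(user|expiry) "." b64url(HMAC-SHA256 by issuer)."""
    expiry = int(now if now is not None else time.time()) + ttl_seconds
    payload = f"{subject['principal']}|{expiry}".encode()
    return b64url(payload) + "." + b64url(hmac.new(ISSUER_KEY, payload, hashlib.sha256).digest())

def verify_token(token, now=None):
    """Service side: check the issuer's MAC before trusting any field, then expiry."""
    try:
        body, mac = (unb64url(part) for part in token.split("."))
    except ValueError:  # wrong number of parts or malformed base64
        return None
    if not hmac.compare_digest(hmac.new(ISSUER_KEY, body, hashlib.sha256).digest(), mac):
        return None
    user, _, expiry = body.decode().rpartition("|")
    return user if int(expiry) > (now if now is not None else time.time()) else None
```

With a shared HMAC key every verifying service could also mint tokens; an issuer signing with a private key and services holding only the public key would avoid that.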

