[
https://issues.apache.org/jira/browse/HADOOP-10671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14033611#comment-14033611
]
Kai Zheng commented on HADOOP-10671:
------------------------------------
Hi Alejandro,
Thanks for your review and comment for the initial patch. I refined the patch
and tested it as follows per your request.
In core-site.xml, added the following properties:
<pre>
<property>
<name>hadoop.http.authentication.cookie.domain</name>
<value>hadoop-auth.com</value>
</property>
<property>
<name>dfs.web.authentication.cookie.domain</name>
<value>dfs-web.com</value>
</property>
</pre>
And noticed that for web console, it picked up and used the value of
hadoop-auth.com, for web hdfs, it got the value of dfs-web.com as expected.
> Single sign on between web console and webhdfs
> ----------------------------------------------
>
> Key: HADOOP-10671
> URL: https://issues.apache.org/jira/browse/HADOOP-10671
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Attachments: hadoop-10671-v2.patch, hadoop-10671.patch
>
>
> Currently it's not able to single sign on between hadoop web console and
> webhdfs since they don't share common configurations as required to, such as
> signature secret to sign authenticaton token, and domain cookie etc. This
> improvement would allow sso between the two, and also simplify the
> configuration by removing the duplicate effort for the two parts.
> The sso makes sense because in current web console, it integrates webhdfs and
> we should avoid redundant sign on in different mechanisms. This is necessary
> when a certain authentication mechanism other than SPNEGO is desired across
> web console and webhdfs.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
