[ https://issues.apache.org/jira/browse/HADOOP-10671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14033611#comment-14033611 ]
Kai Zheng commented on HADOOP-10671: ------------------------------------ Hi Alejandro, Thanks for your review and comment for the initial patch. I refined the patch and tested it as follows per your request. In core-site.xml, added the following properties: <pre> <property> <name>hadoop.http.authentication.cookie.domain</name> <value>hadoop-auth.com</value> </property> <property> <name>dfs.web.authentication.cookie.domain</name> <value>dfs-web.com</value> </property> </pre> And noticed that for web console, it picked up and used the value of hadoop-auth.com, for web hdfs, it got the value of dfs-web.com as expected. > Single sign on between web console and webhdfs > ---------------------------------------------- > > Key: HADOOP-10671 > URL: https://issues.apache.org/jira/browse/HADOOP-10671 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: Kai Zheng > Assignee: Kai Zheng > Attachments: hadoop-10671-v2.patch, hadoop-10671.patch > > > Currently it's not able to single sign on between hadoop web console and > webhdfs since they don't share common configurations as required to, such as > signature secret to sign authenticaton token, and domain cookie etc. This > improvement would allow sso between the two, and also simplify the > configuration by removing the duplicate effort for the two parts. > The sso makes sense because in current web console, it integrates webhdfs and > we should avoid redundant sign on in different mechanisms. This is necessary > when a certain authentication mechanism other than SPNEGO is desired across > web console and webhdfs. -- This message was sent by Atlassian JIRA (v6.2#6252)