[ https://issues.apache.org/jira/browse/HADOOP-10671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14345769#comment-14345769 ]

Haohui Mai commented on HADOOP-10671:
-------------------------------------

I'm not sure whether this is the right approach to take given the fact that the 
information of the web console comes from JMX and webhdfs, there are few points 
to protect all the static files here. Maybe we need to look into (1) unifying 
the auth filter for JMX and the GET_DELEGATION_TOKEN call in webhdfs, and (2) 
updating the web UI to issue a GET_DELEGATION_TOKEN call if required.

> Single sign on between web console and webhdfs
> ----------------------------------------------
>
>                 Key: HADOOP-10671
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10671
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>         Attachments: hadoop-10671-v2.patch, hadoop-10671.patch
>
>
> Currently it's not able to single sign on between hadoop web console and 
> webhdfs since they don't share common configurations as required to, such as 
> signature secret to sign authentication token, and domain cookie etc. This 
> improvement would allow sso between the two, and also simplify the 
> configuration by removing the duplicate effort for the two parts.
> The sso makes sense because in current web console, it integrates webhdfs and 
> we should avoid redundant sign on in different mechanisms. This is necessary 
> when a certain authentication mechanism other than SPNEGO is desired across 
> web console and webhdfs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
