[
https://issues.apache.org/jira/browse/HADOOP-10671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14353308#comment-14353308
]
Haohui Mai commented on HADOOP-10671:
-------------------------------------
It is a pain to get multiple auth filters lined up and working today if you
have customized authentication mechanism. I think that it is a good direction
to go, but I'm concerned about the compatibility issues as it assigns the
configuration with new behavior. Can you please list all the configurations and
then we can discuss what is the best way to move forward?
> Single sign on between web console and webhdfs
> ----------------------------------------------
>
> Key: HADOOP-10671
> URL: https://issues.apache.org/jira/browse/HADOOP-10671
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
> Assignee: Kai Zheng
> Attachments: HADOOP-10671-v3.patch, hadoop-10671-v2.patch,
> hadoop-10671.patch
>
>
> Currently it's not able to single sign on between hadoop web console and
> webhdfs since they don't share common configurations as required to, such as
> signature secret to sign authenticaton token, and domain cookie etc. This
> improvement would allow sso between the two, and also simplify the
> configuration by removing the duplicate effort for the two parts.
> The sso makes sense because in current web console, it integrates webhdfs and
> we should avoid redundant sign on in different mechanisms. This is necessary
> when a certain authentication mechanism other than SPNEGO is desired across
> web console and webhdfs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
