----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62769/ -----------------------------------------------------------
(Updated Oct. 10, 2017, 2:29 p.m.) Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian. Changes ------- This patch include changes to fix the Kerberos login when Atlas acessed from proxy by setting WWW_AUTHENTICATE header to blank when Atlas is accessed via Knox proxy env by detecting X-forward header. Bugs: ATLAS-2166 https://issues.apache.org/jira/browse/ATLAS-2166 Repository: atlas Description ------- Bug description:- On refreshing Atlas page logged in via Knox proxy ,which has ATLASSESSION ID expired (idle for a long time) , logs in as knox user. Fix Description :- ATLAS-2166 - Added validation to prevent kerberos authentication when knox-proxy adds hadoop-auth header to proxied request Diffs (updated) ----- webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java 444b094 Diff: https://reviews.apache.org/r/62769/diff/2/ Changes: https://reviews.apache.org/r/62769/diff/1-2/ Testing ------- Tested Atlas UI/API with Atlas and knox Kerberized Env with & without proxy and also with SSO on/off. Tested curl with call with --negotiate headers. Tested curl with call with hadoop-jwt knox cookie header. Thanks, Nixon Rodrigues