Re: Review Request 68363: ATLAS-2824 :- Atlas to support Trusted Knox Proxy

Mon, 29 Oct 2018 06:08:07 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68363/
-----------------------------------------------------------

(Updated Oct. 29, 2018, 1:07 p.m.)


Review request for atlas, Apoorv Naik, Ashutosh Mestry, Larry McCay, Madhan 
Neethiraj, and Sarath Subramanian.


Changes
-------

This patch is revised by implementing with TrustedProxyAuthenticator which 
handles the authentication, and also handles review comments.

Property changed to "atlas.authentication.method.trustedproxy" to enable 
trusted support


Bugs: ATLAS-2824
    https://issues.apache.org/jira/browse/ATLAS-2824


Repository: atlas


Description
-------

This patch includes code to support request from knox proxy, where the proxy is 
already known and trusted to Atlas via configuration. Atlas intercepts the 
incoming requests and if it from knox proxy. Atlas allow the knox's doAs user 
to create session in Atlas. 

Configs required:-

atlas.authentication.allow.trustedproxy :- property allow trusted proxy support
atlas.proxyuser.knox.hosts :- property to add trusted hosts
atlas.proxyuser.knox.users :- property to add trusted users
atlas.proxyuser.knox.groups :- property to add trusted groups


Diffs (updated)
-----

  
webapp/src/main/java/org/apache/atlas/web/filters/AtlasTrustedProxyFilter.java 
PRE-CREATION 
  
webapp/src/main/java/org/apache/atlas/web/filters/TrustedProxyAuthenticator.java
 PRE-CREATION 
  
webapp/src/main/java/org/apache/atlas/web/security/AtlasProxyAuthenticator.java 
PRE-CREATION 
  webapp/src/main/java/org/apache/atlas/web/security/AtlasSecurityConfig.java 
24be5de20 


Diff: https://reviews.apache.org/r/68363/diff/3/

Changes: https://reviews.apache.org/r/68363/diff/2-3/


Testing
-------

Tested 

* Atlas UI from  Trusted Knox Proxy with Knox SSO loginpage.
* Atlas UI from  Knox Proxy with Atlas Login.
* Atlas UI from  Knox Proxy with SSO Filter enabled at Atlas.
* Atlas UI with Atlas Login.
* Atlas api from curl with BASIS & Kerberos headers


https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/573/console

Topology Used:-


<topology>
  <gateway>
????????<provider>
????????????<role>federation</role>
????????????<name>SSOCookieProvider</name>
????????????<enabled>true</enabled>
????????????<param>
????????????????<name>sso.authentication.provider.url</name>
????????????????<value>{KNOXHOST}/gateway/knoxsso/knoxauth/login.html</value>
????????????</param>
????????</provider>
????????<provider>
????????????<role>identity-assertion</role>
????????????<name>Default</name>
????????????<enabled>true</enabled>
????????</provider>
  </gateway>
  <service>
      <role>ATLAS</role>
      <url>{ATLAS_HOST}:21000/</url>
  </service>
  <service>
      <role>ATLAS-API</role>
      <url>{ATLAS_HOST}:21000</url>
  </service>
</topology>


Thanks,

Nixon Rodrigues

Reply via email to