----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68363/ -----------------------------------------------------------
(Updated Nov. 9, 2018, 12:59 p.m.) Review request for atlas, Apoorv Naik, Ashutosh Mestry, Larry McCay, Madhan Neethiraj, and Sarath Subramanian. Changes ------- Updated patch to reuse hadoop's ProxyUser class and code refactoring. Bugs: ATLAS-2824 https://issues.apache.org/jira/browse/ATLAS-2824 Repository: atlas Description ------- This patch includes code to support request from knox proxy, where the proxy is already known and trusted to Atlas via configuration. Atlas intercepts the incoming requests and if it from knox proxy. Atlas allow the knox's doAs user to create session in Atlas. Configs required:- atlas.authentication.allow.trustedproxy :- property allow trusted proxy support atlas.proxyuser.knox.hosts :- property to add trusted hosts atlas.proxyuser.knox.users :- property to add trusted users atlas.proxyuser.knox.groups :- property to add trusted groups Diffs (updated) ----- webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationFilter.java e5c40d061 Diff: https://reviews.apache.org/r/68363/diff/6/ Changes: https://reviews.apache.org/r/68363/diff/5-6/ Testing ------- Tested * Atlas UI from Trusted Knox Proxy with Knox SSO loginpage. * Atlas UI from Knox Proxy with Atlas Login. * Atlas UI from Knox Proxy with SSO Filter enabled at Atlas. * Atlas UI with Atlas Login. * Atlas api from curl with BASIS & Kerberos headers https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/573/console Topology Used:- <topology> <gateway> ????????<provider> ????????????<role>federation</role> ????????????<name>SSOCookieProvider</name> ????????????<enabled>true</enabled> ????????????<param> ????????????????<name>sso.authentication.provider.url</name> ????????????????<value>{KNOXHOST}/gateway/knoxsso/knoxauth/login.html</value> ????????????</param> ????????</provider> ????????<provider> ????????????<role>identity-assertion</role> ????????????<name>Default</name> ????????????<enabled>true</enabled> ????????</provider> </gateway> <service> <role>ATLAS</role> <url>{ATLAS_HOST}:21000/</url> </service> <service> <role>ATLAS-API</role> <url>{ATLAS_HOST}:21000</url> </service> </topology> Thanks, Nixon Rodrigues