[
https://issues.apache.org/jira/browse/ATLAS-3153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16849642#comment-16849642
]
Saqeeb Shaikh edited comment on ATLAS-3153 at 5/28/19 12:01 PM:
----------------------------------------------------------------
Thanks for the patch [~bolke]. I have done basic validations with keycloak
server, it looks good.
I am validating if this patch has some impact on current authentications
methods supported by Atlas, I'll update you by tomorrow EOD.
was (Author: saqeeb.shaikh136):
Thanks for the patch [~bolke]. I have done basic validations with keycloak
server, it looks good.
> Support OpenID Connect directly rather than through Knox
> --------------------------------------------------------
>
> Key: ATLAS-3153
> URL: https://issues.apache.org/jira/browse/ATLAS-3153
> Project: Atlas
> Issue Type: Improvement
> Affects Versions: 2.0.0
> Reporter: Bolke de Bruin
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The current SSO implementation with Apache Knox is limiting SSO
> interoperability to Apache Knox. Knox uses JWT verification which could
> easily be extended to allow for direct OpenID Connect support and doesn't
> require organizations to deploy Knox.
> Required changes:
> * Pickup bearer token from headers
> * Improve and standardize redirecting
> * Optionally: obtain certificates from well_known uri
> * Optionally: obtain user groups from userinfo endpoint rather than UGI
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
