[ https://issues.apache.org/jira/browse/ATLAS-3153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16850029#comment-16850029 ]
Bolke de Bruin commented on ATLAS-3153:
---------------------------------------

[~sarath.ku...@gmail.com] sure, can you explain what you would like to see in the design doc? Both OpenID connect and spring security are well understood. The roles / groups might be something as they can be obtained from keycloak instead of UGI. That’s also pretty straightforward. Can you give me some guidance?

> Support OpenID Connect directly rather than through Knox
> --------------------------------------------------------
>
> Key: ATLAS-3153
> URL: https://issues.apache.org/jira/browse/ATLAS-3153
> Project: Atlas
> Issue Type: Improvement
> Affects Versions: 2.0.0
> Reporter: Bolke de Bruin
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The current SSO implementation with Apache Knox is limiting SSO
> interoperability to Apache Knox. Knox uses JWT verification which could
> easily be extended to allow for direct OpenID Connect support and doesn't
> require organizations to deploy Knox.
> Required changes:
> * Pickup bearer token from headers
> * Improve and standardize redirecting
> * Optionally: obtain certificates from well_known uri
> * Optionally: obtain user groups from userinfo endpoint rather than UGI

--
This message was sent by Atlassian JIRA (v7.6.3#76005)