[
https://issues.apache.org/jira/browse/KNOX-191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated KNOX-191:
-----------------------------
Fix Version/s: (was: 0.5.0)
0.6.0
> Support Knox as "trusted proxy" allowing propagation of authenticated
> identity for client
> -----------------------------------------------------------------------------------------
>
> Key: KNOX-191
> URL: https://issues.apache.org/jira/browse/KNOX-191
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Affects Versions: 0.1.0
> Reporter: Kevin Minder
> Fix For: 0.6.0
>
>
> The use case here is to extend the authentication trust even beyond Knox.
> This way Knox could be made to trust authentication performed via some
> "client" web application. The web application would authenticate to Knox as
> itself (ie service account) and Knox would trust the actual user identity
> asserted by the client app. Care must be taken to ensure that this play's
> well with the existing hadoop user.name and doas mechanisms. Currently we
> force user.name and doas parameters to be that of the authenticated user.
> For these "trusted proxy" clients that would need to be relaxed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
