Larry McCay created KNOX-521:
--------------------------------
Summary: Enhance Principal Mapping to Handle Dynamic Mappings
Key: KNOX-521
URL: https://issues.apache.org/jira/browse/KNOX-521
Project: Apache Knox
Issue Type: Improvement
Components: Server
Reporter: Larry McCay
Fix For: 0.6.0
We will add the ability to use provider parameters in order to dynamically
create a disambiguated username for use in the Hadoop cluster.
This will require unix accounts for the disambiguated name inside the cluster.
The mapping syntax will be something like the following to dynamically append a
domain/tenant id to the username:
{code}
<provider>
<role>identity-assertion</role>
<name>Default</name>
<enabled>true</enabled>
<param>
<name>tenant.id</name>
<value>_domain1</value>
</param>
<param>
<name>principal.mapping</name>
<value>*=_PRINCIPAL+$tenant.id</value>
</param>
</provider>
{code}
The above demonstrates using a dynamic method of adding a tenant.id as a suffix
for disambiguating users for this topology from users of another. Reversing the
order of that idea would provide a prefix. This generic parameter name approach
is very flexible.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
