[jira] [Commented] (KNOX-579) Regex based identity assertion provider with static dictionary lookup

Thu, 30 Jul 2015 18:14:08 -0700 

    [ 
https://issues.apache.org/jira/browse/KNOX-579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14648584#comment-14648584
 ] 

ASF subversion and git services commented on KNOX-579:
------------------------------------------------------

Commit b618ff3e350eb24a0626b5ae90e1c246ce5e325b in knox's branch 
refs/heads/master from [~kevin.minder]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=b618ff3 ]

KNOX-579: Regex based identity assertion provider with static dictionary lookup


> Regex based identity assertion provider with static dictionary lookup
> ---------------------------------------------------------------------
>
>                 Key: KNOX-579
>                 URL: https://issues.apache.org/jira/browse/KNOX-579
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 0.5.0
>            Reporter: Kevin Minder
>            Assignee: Kevin Minder
>             Fix For: 0.7.0
>
>         Attachments: KNOX-579-001.patch
>
>
> I've been running into situations where customers need to do more complex 
> identity mapping than the current providers can handle.  I have a prototype 
> that can do this sort of thing.
> Static
> {code}
>         <provider>
>             <role>federation</role>
>             <name>HeaderPreAuth</name>
>             <enabled>true</enabled>
>         </provider>
>         <provider>
>             <role>identity-assertion</role>
>             <name>Regex</name>
>             <enabled>true</enabled>
>             <param>
>                 <name>output</name>
>                 <value>static-user</value>
>             </param>
>         </provider>
> {code}
> This will yieid results like this
> {code}
> curl -k --header "SM_USER: [email protected]" 
> 'https://localhost:8443/gateway/sandbox/webhdfs/v1?op=GETHOMEDIRECTORY'
> {"Path":"/user/static-user"}
> {code}
> Regex
> {code}
>         <provider>
>             <role>federation</role>
>             <name>HeaderPreAuth</name>
>             <enabled>true</enabled>
>         </provider>
>         <provider>
>             <role>identity-assertion</role>
>             <name>Regex</name>
>             <enabled>true</enabled>
>             <param>
>                 <name>input</name>
>                 <value>(.*)@(.*?)\..*</value>
>             </param>
>             <param>
>                 <name>output</name>
>                 <value>{1}_{[2]}</value>
>             </param>
>             <param>
>                 <name>lookup</name>
>                 <value>us=USA;ca=CANADA</value>
>             </param>
>         </provider>
> {code}
> This will yield this type of results.
> {code}
> curl -k --header "SM_USER: [email protected]" 
> 'https://localhost:8443/gateway/sandbox/webhdfs/v1?op=GETHOMEDIRECTORY'
> {"Path":"/user/member_USA"}
> url -k --header "SM_USER: [email protected]" 
> 'https://localhost:8443/gateway/sandbox/webhdfs/v1?op=GETHOMEDIRECTORY'
> {"Path":"/user/member_CANADA"}
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to