[
https://issues.apache.org/jira/browse/KNOX-191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Minder updated KNOX-191:
------------------------------
Fix Version/s: (was: 0.7.0)
Future
> Support Knox as "trusted proxy" allowing propagation of authenticated
> identity for client
> -----------------------------------------------------------------------------------------
>
> Key: KNOX-191
> URL: https://issues.apache.org/jira/browse/KNOX-191
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Affects Versions: 0.1.0
> Reporter: Kevin Minder
> Fix For: Future
>
>
> The use case here is to extend the authentication trust even beyond Knox.
> This way Knox could be made to trust authentication performed via some
> "client" web application. The web application would authenticate to Knox as
> itself (ie service account) and Knox would trust the actual user identity
> asserted by the client app. Care must be taken to ensure that this play's
> well with the existing hadoop user.name and doas mechanisms. Currently we
> force user.name and doas parameters to be that of the authenticated user.
> For these "trusted proxy" clients that would need to be relaxed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
