Kevin Minder created KNOX-698:
---------------------------------
Summary: Deterministic default provider selection model
Key: KNOX-698
URL: https://issues.apache.org/jira/browse/KNOX-698
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 0.9.0
Reporter: Kevin Minder
Fix For: 0.9.0
Currently the algorithem by which Knox selects a provider when one one is not
explicitly identified either by the deployment contributor or a topology is
essentially random.
1. This frequently leads to confusions when runtime failures occur because an
unexpected identity-assertion provider is selected. You can see the results of
this in that we have been forced to explicitly identify the "Default"
identity-assertion provider in all of our "out of the box" topology files.
2. While implementing KNOX-670 this also became inconvenient. In the simplest
of cases, "stock" applications may be used and no "policies" may be required.
That is no <gateway> section would be required in the topology file and no
special meta-data would need to be added to the application. Currently you
have to explicitly specify the "Default" identity-assertion and the "Anonymous"
authentication providers otherwise unexpected results occur.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
