[
https://issues.apache.org/jira/browse/KNOX-28?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated KNOX-28:
----------------------------
Fix Version/s: (was: Future)
0.8.0
> Support federation/SSO using external tokens
> --------------------------------------------
>
> Key: KNOX-28
> URL: https://issues.apache.org/jira/browse/KNOX-28
> Project: Apache Knox
> Issue Type: New Feature
> Affects Versions: 0.2.0
> Reporter: Kevin Minder
> Labels: security
> Fix For: 0.8.0
>
>
> During our discussions with a customer they expressed requirements that the
> gateway and ultimately Hadoop proper accept externally generated
> authentication tokens. There are really two possible models here.
> 1. The gateway accepts external tokens (e.g. SAML, JWT, SWT), extracts the
> principal and passes that downstream via either pseudo auth mechanism or
> creation of hadoop.auth tokens.
> 2. The gateway is transparent and passes these external tokens through to the
> downstream services where they will perform the required verification. This
> model provides better security but will require changes to all downstream
> Hadoop services.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
