Kevin Minder created KNOX-1171:
----------------------------------
Summary: Handle invalid hadoop.auth cookie returned by Oozie
Key: KNOX-1171
URL: https://issues.apache.org/jira/browse/KNOX-1171
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 0.14.0
Reporter: Kevin Minder
Assignee: Kevin Minder
Fix For: 1.1.0
There are issues with Oozie/HadoopAuth that prevent the proxying of the Oozie
UI in secure clusters.
The HadoopAuth issue below is preventing HttpClient from handling hadoop.auth
token resulting in every interaction with Oozie requiring a SPNego
authentication in a secure cluster.
https://issues.apache.org/jira/browse/HADOOP-10710
The Oozie issue below prevents certain Oozie resources from be accessible when
SPNego authentication occurs. This is caused by these resources being
authenticated twice which results in a Kerberos replay attack
detection/failure. https://issues.apache.org/jira/browse/OOZIE-2427
The combination of these two issues prevents the Oozie UI from being proxied in
a secure cluster.
The proposed solution is to enhance HadoopAuthCookieStore to handle cases where
the cooke value isn't RFC2109 compliant by wrapping the value in double quotes
if they are missing.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
