[jira] [Commented] (KNOX-1783) Proxy support for Superset UI

Thu, 07 Mar 2019 08:13:29 -0800 


    [ 
https://issues.apache.org/jira/browse/KNOX-1783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786928#comment-16786928
 ] 

Martin Ruskov commented on KNOX-1783:
-------------------------------------

I seem to be somewhat lost. For actual proxying, I also need to do some sort of 
authentication integration. Once logged in both I am managing to engineer the 
URLs so that I access Superset pages via the Gateway.

However, I find it difficult to assess my options to implement SSO 
functionality. Here's what I have:

Superset (via Flask AppBuilder's [security 
feature|https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-methods])
 offers the following authentication options:
 * OpenID
 * REMOTE_USER environmental variable
 * Database
 * LDAP
 * OAuth

To my understanding, these could be matched with Knox in the following 
combinations:
 * Authentication: Using the Knox Shiro IdP, and then find a way to login to 
Superset. This means doing all of the following: 
 ** mapping Knox's user.name GET request variable to Superset's username
 ** Passing the password and
 ** Sharing a CSRF token between the two or use some other headers to overcome 
the CORS/XSS problem.
 * Federation: Using a token, most probably this would mean that I need to look 
into using KnoxSSO as the authentication provider and Superset as service 
provider. To this end I need to do one of the following:
 ** Integrate SAML authentication in Superset/FlaskAppBuilder
 ** USe KnoxSSO as the authentication service to generate OAuth token

Which of these look reasonable to someone more familiar with Knox than me? 
Unfortunately looking at the ProviderDeploymentContributorBase class hierarchy, 
I am for now not able to find how to do any of the above.

> Proxy support for Superset UI
> -----------------------------
>
>                 Key: KNOX-1783
>                 URL: https://issues.apache.org/jira/browse/KNOX-1783
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Martin Ruskov
>            Assignee: Martin Ruskov
>            Priority: Minor
>             Fix For: 1.3.0
>
>
> Provide proxy UI support for the Superset UI.
>  
> To my understanding, this is a matter of adding a [new 
> service|https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/adding_new_service_knox_gateway.html]
>  to the KNOX gateway, but there seem to be problems with trailing slashes



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to