[ 
https://issues.apache.org/jira/browse/KNOX-1783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16787096#comment-16787096
 ] 

Kevin Risden commented on KNOX-1783:
------------------------------------

[~mapto] I think you should separate your concerns about proxying from 
authentication integration.

 
{quote}For actual proxying, I also need to do some sort of authentication 
integration. 
{quote}
This isn't entirely true. I like to think about Knox as providing two services: 
1) proxying (limiting open ports to backend) and 2) authentication (avoid 
configuring authentication/exposing Kerberos everywhere). Rewrite rules focus 
on proxying and are important to limit the number of open ports. Authentication 
is a separate concern.

You can have rewrite rules for any application without changing the underlying 
application itself. Knox provides rewrite rule capabilities to change the 
contents of the page to make sure that they are rewritten back to the proxy URL.

As far as support for Knox SSO (or other authentication types), this typically 
requires changing the application itself. As you found, Superset supports a 
certain list of authentication options, none of which are Knox SSO (or any of 
the authentication types that Knox supports). Knox SSO doesn't implement a 
SAML-compatible endpoint, so federation in your example won't work. Not sure I 
understand your authentication example.

Either way I think you should separate the proxying (limiting ports) from the 
authentication piece. The authentication side will most likely require changing 
Superset in some way.

> Proxy support for Superset UI
> -----------------------------
>
>                 Key: KNOX-1783
>                 URL: https://issues.apache.org/jira/browse/KNOX-1783
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Martin Ruskov
>            Assignee: Martin Ruskov
>            Priority: Minor
>             Fix For: 1.3.0
>
>
> Provide proxy UI support for the Superset UI.
>  
> To my understanding, this is a matter of adding a [new 
> service|https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/adding_new_service_knox_gateway.html]
>  to the KNOX gateway, but there seem to be problems with trailing slashes


