[
https://issues.apache.org/jira/browse/KNOX-2411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on KNOX-2411 started by Sandor Molnar.
-------------------------------------------
> Implement composite authentication provider
> -------------------------------------------
>
> Key: KNOX-2411
> URL: https://issues.apache.org/jira/browse/KNOX-2411
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Affects Versions: 1.5.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 1.5.0
>
>
> End-users should have a way of having different authentication providers
> bound to the same topology. For the first time, this _composite_
> authentication provider will default to the following behavior:
> * this is going to be a new servlet Filter (just like other providers)
> implementation
> * as with all providers in the Knox gateway, the composite authentication
> provider is configured through provider parameters
> * only {{JWT}} and {{HadoopAuth}} authentication providers are supported
> * in the {{doFilter}} method, there is going to be a check if the incoming
> request has a valid JWT token (as a {{bearer}} token) extracted from the
> {{Authorization}} header. If this is true, the request is then processed on
> behalf of the user represented by the JWT token (using the existing JWT
> federation provider). If there is no _valid_ JWT token, the new filter will
> try to achieve authentication using the existing {{HadoopAuth}}
> authentication filter.
> Later on, this composite authentication provider can be extended with
> different use-cases.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
