[ https://issues.apache.org/jira/browse/KNOX-2413?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar updated KNOX-2413: -------------------------------- Description: There is a need for adding JWT support in the HadoopAuth security provider as follows: if the incoming request has a valid JWT token (as a {{bearer}} token) extracted from the {{Authorization}} header the request is then processed on behalf of the user represented by the JWT token (using the existing JWT federation provider). If there is no _valid_ JWT token, the {{HadoopAuth}} authentication filter should do its job as it does today. The ability to implement a general composite authentication provider is discussed in KNOX-2411, but we agreed that such a provider would need more planning and maybe a KIP so that this feature should be targeted in a separate JIRA. was: There is a need for adding JWT support in the HadoopAuth security provider s follows: if the incoming request has a valid JWT token (as a {{bearer}} token) extracted from the {{Authorization}} header the request is then processed on behalf of the user represented by the JWT token (using the existing JWT federation provider). If there is no _valid_ JWT token, the {{HadoopAuth}} authentication filter should do its job as it does today. The ability to implement a general composite authentication provider is discussed in KNOX-2411, but we agreed that such a provider would need more planning and maybe a KIP so that this feature should be targeted in a separate JIRA. > Add JWT support for HadoopAuth provider > --------------------------------------- > > Key: KNOX-2413 > URL: https://issues.apache.org/jira/browse/KNOX-2413 > Project: Apache Knox > Issue Type: New Feature > Components: Server > Affects Versions: 1.5.0 > Reporter: Sandor Molnar > Assignee: Sandor Molnar > Priority: Major > Fix For: 1.5.0 > > > There is a need for adding JWT support in the HadoopAuth security provider as > follows: if the incoming request has a valid JWT token (as a {{bearer}} > token) extracted from the {{Authorization}} header the request is then > processed on behalf of the user represented by the JWT token (using the > existing JWT federation provider). If there is no _valid_ JWT token, the > {{HadoopAuth}} authentication filter should do its job as it does today. > The ability to implement a general composite authentication provider is > discussed in KNOX-2411, but we agreed that such a provider would need more > planning and maybe a KIP so that this feature should be targeted in a > separate JIRA. -- This message was sent by Atlassian Jira (v8.3.4#803005)