Kevin Minder created KNOX-191:
---------------------------------

             Summary: Support Knox as "trusted proxy" allowing propagation of authenticated identity for client
                 Key: KNOX-191
                 URL: https://issues.apache.org/jira/browse/KNOX-191
             Project: Apache Knox
          Issue Type: New Feature
          Components: Server
    Affects Versions: 0.1.0
            Reporter: Kevin Minder
             Fix For: 0.4.0


The use case here is to extend the authentication trust even beyond Knox.  This 
way Knox could be made to trust authentication performed via some "client" web 
application.  The web application would authenticate to Knox as itself (i.e. 
service account) and Knox would trust the actual user identity asserted by the 
client app.  Care must be taken to ensure that this plays well with the 
existing Hadoop user.name and doas mechanisms.  Currently we force user.name 
and doas parameters to be that of the authenticated user.  For these "trusted 
proxy" clients that would need to be relaxed.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
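
The policy described in the issue, as an added sketch that is not part of the original message and is not Knox's code: identity parameters from ordinary callers are overwritten with the authenticated user, and only an allowlisted service account may assert a different one. The `webapp-svc` account, the `knox.example` URLs, the function and exception names, case-insensitive parameter matching and the choice to emit both parameters are assumptions of this sketch.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

IDENTITY_PARAMS = ("user.name", "doas")
# Hypothetical allowlist of service accounts permitted to assert end users.
TRUSTED_PROXIES = frozenset({"webapp-svc"})


class IdentityAssertionError(ValueError):
    """A trusted proxy sent an ambiguous or empty identity assertion."""


def resolve_identity(authenticated_user, url, trusted_proxies=TRUSTED_PROXIES):
    """Return (effective_user, rewritten_url) for one inbound request."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Match names case-insensitively so "DoAs=" cannot slip past the filter
    # (a defensive assumption of this sketch).
    asserted = [v for k, v in pairs if k.lower() in IDENTITY_PARAMS]
    passthrough = [(k, v) for k, v in pairs if k.lower() not in IDENTITY_PARAMS]

    effective = authenticated_user
    if authenticated_user in trusted_proxies and asserted:
        distinct = set(asserted)
        # user.name=alice&doas=bob, or an empty value, is rejected outright
        # rather than resolved by guessing which one the proxy meant.
        if len(distinct) != 1 or not asserted[0].strip():
            raise IdentityAssertionError("ambiguous identity: %r" % sorted(distinct))
        effective = asserted[0]
    # Any other caller's asserted values are discarded, which is the
    # "force to the authenticated user" behaviour the issue describes.

    identity = [(name, effective) for name in IDENTITY_PARAMS]
    query = urlencode(passthrough + identity)
    return effective, urlunsplit(parts._replace(query=query))


if __name__ == "__main__":
    # Constructed sample requests: (authenticated principal, inbound URL).
    samples = [
        ("alice", "https://knox.example/webhdfs/v1/tmp?op=LISTSTATUS&doas=hdfs"),
        ("webapp-svc", "https://knox.example/webhdfs/v1/tmp?op=LISTSTATUS&user.name=bob"),
    ]
    for principal, inbound in samples:
        print(principal, "->", resolve_identity(principal, inbound))
```
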
