-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66509/#review200863
-----------------------------------------------------------


Ship it!




Ship It!

- Qiang Zhang


On April 9, 2018, 2:33 p.m., Vishal Suvagia wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66509/
> -----------------------------------------------------------
> 
> (Updated April 9, 2018, 2:33 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2060
>     https://issues.apache.org/jira/browse/RANGER-2060
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Knox proxy with Knox-SSO is not working in a case when HA is enabled for both 
> Ranger and Knox.
> 
> If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as 
> ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on  
> knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and 
> knox2.abc.com.
> 
> If Ranger load-balancer URL is used in the knox topology for knox-proxy 
> ui.xml, redirected url gets corrupted as:
> knoxha.abc.com:8443/gateway/....?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway/<topology>/ranger
> 
> Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for 
> Ranger to login.
> 
> 
> Diffs
> -----
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
>  ec6d78d 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  22ba524 
> 
> 
> Diff: https://reviews.apache.org/r/66509/diff/1/
> 
> 
> Testing
> -------
> 
> Verified Knox-SSO and Knox-Proxy authentication to be working for 
> Ranger-Admin in simple and kerberos enabled environments.
> 
> 
> Thanks,
> 
> Vishal Suvagia
> 
>

Reply via email to