-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70632/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh Mani,
Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2423
https://issues.apache.org/jira/browse/RANGER-2423
Repository: ranger
Description
-------
**Problem Description: ** If Ranger LB is non ssl and KnoxSSO is enabled then
for the Knox request originURL is the LB URL. However
If Ranger LB is ssl and KnoxSSO is enabled then for the Knox request originURL
changes to either of Ranger host. It is expected that behaviour of originURL
should not change irrespective of ranger ssl/non ssl mode.
Currently if Ranger LB is SSL enabled then sending X-Forwarded-Proto and
X-Forwarded-SSL header doesn't work. if these headers are not sent from LB then
forward URL becomes the actual ranger-admin URL than LB URL.
**Proposed Solution:** If LB is SSL then proposed patch shall accept the
X-Forwarded-Proto and X-Forwarded-SSL headers and will ensure the origin URL is
LB URL.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
8a6c39b8f
Diff: https://reviews.apache.org/r/70632/diff/1/
Testing
-------
Scenario tested when LB is simple and SSL enabled.
1.Tested Ranger HA with knoxproxy
2.Tested Ranger HA with Knoxsso
3.Tested Ranger HA with knoxproxy and knoxSSO
4.Tested Ranger HA with Knoxsso through curl(using hadoop-jwt token)
Thanks,
Pradeep Agrawal
