Re: Review Request 72024: RANGER-2704 : Support browser login using kerberized authentication.

Vishal Suvagia via Review Board Tue, 05 Apr 2022 05:25:04 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72024/
-----------------------------------------------------------


(Updated April 5, 2022, 12:24 p.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
-------

updated changes to address review comments.


Bugs: RANGER-2704
    https://issues.apache.org/jira/browse/RANGER-2704


Repository: ranger


Description
-------

Need to support browser login using kerberos authentication. Added a logout for 
an unauthenticated user to redirect to the login page.


Diffs
-----

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
 223a991c76bae7d25f5ce89604d0a8a90d426fe5 
  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 abbf2d983beb30b59e5d3f6429d6fc226f735793 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
0a1128613dca50fe67ea3f891261f1ee449c46db 


Diff: https://reviews.apache.org/r/72024/diff/2/


Testing
-------

Veriried kerberos ticket authentication is working on a kerberized browser.


Steps to test for a kerberized browser:
#1) For Kerberized browsers:
    #1> To open Chrome in kerberos enabled mode need to run below command:
       google-chrome --auth-server-whitelist="*ranger.testserver.com"
    #2> For Firefox, need to go to about:configs and then search for negotiate 
and then add the host domain    
        ranger.testserver.com to the property 
"network.negotiate-auth.trusted-uris"
#2) Perform kinit with the required user.
#3) Open the Ranger Admin portal using FQDN of the server host.


Known Issue: If there is no valid kerberos ticket, user lands on a blank page 
and a short hack is to either append locallogin to the URL or refresh the 
browser tab to redirect to the login page.
P.S: this issue is not observed on Google Chrome browser


File Attachments (updated)
----------------

RANGER-2704.patch
  
https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch
RANGER-2704.02.patch
  
https://reviews.apache.org/media/uploaded/files/2022/04/04/6e737bec-e640-4459-922c-353793172b12__RANGER-2704.02.patch
RANGER-2704.03.patch
  
https://reviews.apache.org/media/uploaded/files/2022/04/05/31e52557-051e-40ba-bc34-5dc6418e06f8__RANGER-2704.03.patch


Thanks,

Vishal Suvagia

Re: Review Request 72024: RANGER-2704 : Support browser login using kerberized authentication.

Reply via email to