nrg4878 commented on a change in pull request #2954:
URL: https://github.com/apache/hive/pull/2954#discussion_r797056288
##########
File path:
service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
##########
@@ -214,9 +214,13 @@ protected void doPost(HttpServletRequest request,
HttpServletResponse response)
}
} else if (HiveSamlUtils.isSamlAuthMode(authType)) {
// check if this request needs a SAML redirect
- if (needsRedirect(request, response)) {
+ String authHeader = request.getHeader(HttpAuthUtils.AUTHORIZATION);
+ if ((authHeader == null || authHeader.isEmpty()) &&
needsRedirect(request, response)) {
doSamlRedirect(request, response);
return;
+ } else
if(authHeader.toLowerCase().startsWith(HttpAuthUtils.BASIC.toLowerCase())) {
+ //LDAP Authentication if the header starts with Basic
+ clientUserName = doPasswdAuth(request,
HiveAuthConstants.AuthTypes.NONE.toString());
Review comment:
so HIVE_SERVER2_TRUSTED_PROXY_TRUSTHEADER is for scenarios when the
authentication is performed at a boundary service like knox/sidecars etc. After
the auth is performed, the authenticator will add this TRUST header into the
request and along with the username and forward the request to the service.
HS2 will trust that the authentication has already been done and relies on
it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
