[
https://issues.apache.org/jira/browse/AMBARI-24390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16566567#comment-16566567
]
Hudson commented on AMBARI-24390:
---------------------------------
SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9716 (See
[https://builds.apache.org/job/Ambari-trunk-Commit/9716/])
AMBARI-24390. Filter services eligible for Ambari Single Sign-on (github:
[https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=9ecc11e99b717bf061474c7af44ee4ba7ece0964])
* (edit) ambari-server/src/main/python/ambari_server/setupSso.py
* (edit) ambari-server/src/test/python/TestSetupSso.py
> Filter services eligible for Ambari Single Sign-on Configuration if Kerberos
> is required but not enabled
> --------------------------------------------------------------------------------------------------------
>
> Key: AMBARI-24390
> URL: https://issues.apache.org/jira/browse/AMBARI-24390
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.7.1
> Reporter: Robert Levas
> Assignee: Attila Magyar
> Priority: Critical
> Labels: pull-request-available
> Fix For: 2.7.1
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Filter services from Ambari CLI when setting up SSO if not eligible when
> Kerberos is not enabled.
> In Ambari 2.7, services that are eligible for Ambari to manage their SSO
> configurations specify this in their metainfo file using like:
> {code}
> <sso>
> <supported>true</supported>
>
> <enabledConfiguration>application-properties/atlas.sso.knox.enabled</enabledConfiguration>
> </sso>
> {code}
> See AMBARI-23253
> See [Ambari Single Sign-on
> Configuration|https://github.com/apache/ambari/blob/branch-2.7/ambari-server/docs/security/sso/index.md]
> documentation
> However some services require Kerberos to be enabled for SSO to work. For
> example, HDFS, Yarn, and Oozie. For this case, the metadata is enhanced
> allowing for the metadata to indicate whether Kerberos is required
> (AMBARI-24335) and whether Kerberos is enabled (AMBARI-24384) for that
> service.
> This information can be found in the service resource data
> {code:title=GET /api/v1/clusters/CLUSTERNAME/services/OOZIE}
> {
> "href" :
> "http://ambari_host:8080/api/v1/clusters/CLUSTERNAME/services/OOZIE";,
> "ServiceInfo" : {
> ...
> "kerberos_enabled" : true,
> ...
> "sso_integration_desired": false,
> "sso_integration_enabled": false,
> "sso_integration_requires_kerberos": true,
> "sso_integration_supported": true,
> ...
> },
> ...
> }
> {code}
> Using this information, services may be included in or excluded from the list
> of services a user can choose for enabling SSO integration.
> For example
> ||sso_integration_supported||sso_integration_requires_kerberos||kerberos_enabled||Can
> Enable SSO||
> |true|true|true|yes
> |true|true|false|no
> |true|false|true|yes
> |true|false|false|yes
> |false|true|true|no
> |false|true|false|no
> |false|false|true|no
> |false|false|false|no
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
