mmiklavc commented on a change in pull request #1275: METRON-1878: Add Metron as a Knox service URL: https://github.com/apache/metron/pull/1275#discussion_r243700693
########## File path: metron-interface/README.md ########## @@ -64,6 +64,8 @@ The UIs make REST requests this way with Knox enabled since they no longer depen REST still requires authentication so a filter is provided that can validate a Knox token using token properties and a Knox public key. The REST application also supports Basic authentication. Since both Knox and the REST application should use the same authentication mechanism, LDAP authentication is required for the REST application. +Roles are mapped directly to LDAP groups when Knox is enabled for REST. LDAP group names are converted to upper case and prepended with "ROLE_". For example, if a user's groups in LDAP were "user" and "admin", the corresponding roles in REST with Knox enabled would be "ROLE_USER" and "ROLE_ADMIN". Review comment: This is perfect, thanks! ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
