[jira] [Commented] (NIFI-4382) Add KnoxSSO support to NiFi

Tue, 26 Sep 2017 16:22:32 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-4382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181738#comment-16181738
 ] 

ASF GitHub Bot commented on NIFI-4382:
--------------------------------------

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/2177
  
    Ok, here are my thoughts on this PR:
    
    * I got test failures on `TestListenUDP` when running the full build. I am 
assuming nothing here changed that so it's unrelated and I won't count it 
against this PR, but making a note here because I had not seen it on `master`. 
    * There are checkstyle issues I [noted 
above](https://github.com/apache/nifi/pull/2177#issuecomment-332344883). 
    * I validated the following use cases:
      * Normal positive flow
      * Bad username/password fails
      * The Knox user authenticates but has no access policies on the canvas
      * The Knox user JWT has no audiences and NiFi does not require any
      * The Knox user JWT has no audiences and NiFi requires one
      * The Knox user JWT has the wrong audience (i.e. not one required by NiFi)
      * The Knox user JWT has the correct audience as required by NiFi
      * The Knox user is logged in with one browser and another user is logged 
in via client certificate in another
    * Issues found:
      * No way to logout of the Knox user through the NiFi UI (treated same as 
client certificate)
        * Workaround: Use browser to delete `hadoop-jwt` cookie
      * If Knox SSO is configured to provide the wrong/insufficient audiences, 
the login UX simply immediately redirects to the Knox login UI with no error 
message
        * Workaround: the NiFi User Log (`logs/nifi-user.log`) contains a 
helpful error message
    
    To me, neither issue is a blocker for this PR but I do think they should be 
resolved in a future release. +1, LGTM (with the checkstyle violation 
resolutions pending). 


> Add KnoxSSO support to NiFi
> ---------------------------
>
>                 Key: NIFI-4382
>                 URL: https://issues.apache.org/jira/browse/NIFI-4382
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>            Reporter: Jeff Storck
>            Assignee: Jeff Storck
>
> Add support for KnoxSSO to NiFi.
> Reference documentation: 
> http://knox.apache.org/books/knox-0-13-0/dev-guide.html#KnoxSSO+Integration



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to