Mihaly Szjatinya has posted comments on this change. ( http://gerrit.cloudera.org:8080/23237 )
Change subject: IMPALA-14285: Add SAML2 authentication support for Impala Web UI ...................................................................... Patch Set 11: (6 comments) http://gerrit.cloudera.org:8080/#/c/23237/9/be/src/transport/THttpServer.h File be/src/transport/THttpServer.h: http://gerrit.cloudera.org:8080/#/c/23237/9/be/src/transport/THttpServer.h@231 PS9, Line 231: the bearer token is expected. > nit: "where bearing token is expected"? ack http://gerrit.cloudera.org:8080/#/c/23237/9/be/src/util/backend-gflag-util.cc File be/src/util/backend-gflag-util.cc: http://gerrit.cloudera.org:8080/#/c/23237/9/be/src/util/backend-gflag-util.cc@193 PS9, Line 193: ws_saml2_sp_callback_url > optional: webserver_saml2_sp_callback_url would be clearer yeah but a bit too long imho http://gerrit.cloudera.org:8080/#/c/23237/9/common/thrift/metrics.json File common/thrift/metrics.json: http://gerrit.cloudera.org:8080/#/c/23237/9/common/thrift/metrics.json@3944 PS9, Line 3944: mpted to authent > This sounds unfinished - a similar description could be used as for hs2 sam ack http://gerrit.cloudera.org:8080/#/c/23237/9/fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateStoreBase.java File fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateStoreBase.java: http://gerrit.cloudera.org:8080/#/c/23237/9/fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateStoreBase.java@38 PS9, Line 38: public abstract class HiveSamlRelayStateStoreBase<T> implements ValueGenerator { > I don't see the original class removed - is that still needed? Yeah, my bad. http://gerrit.cloudera.org:8080/#/c/23237/9/fe/src/main/java/org/apache/impala/authentication/saml/ImpalaSamlClientWS.java File fe/src/main/java/org/apache/impala/authentication/saml/ImpalaSamlClientWS.java: http://gerrit.cloudera.org:8080/#/c/23237/9/fe/src/main/java/org/apache/impala/authentication/saml/ImpalaSamlClientWS.java@80 PS9, Line 80: @Override : public void validateAuthnResponse(WrappedWebContext webContext) : throws InternalException { : validateAuthnResponseCommon(webContext, HiveSamlRelayStateStoreWS.get(), : new AuthnResponseHandler<HiveSamlRelayStateInfoWS>() { : @Override : public void handleSuccess(WrappedWebContext webContext, String nameId, : String relayState, HiveSamlRelayStateInfoWS relayStateInfo) { : Preconditions.checkState(nameId != null); : String uri = relayStateInfo.getUri(); : LOG.debug("Successfully validated saml response. Forwarding to " + uri); : webContext.setResponseStatusCode(302); : webContext.setResponseHeader("Location", uri); : // returning authenticated user name in response's body : webContext.setResponseContent("", nameId); : } : : @Override : public void handleFailure(WrappedWebContext webContext, : HiveSamlRelayStateInfoWS relayStateInfo, String errorMsg) { : webContext.setResponseStatusCode(401); : webContext.setResponseContent("", errorMsg); : } : }); : } : } : : : > This seems nearly the same as HiveSamlHttpServlet.doPost() I agree, the whole doPost() thing was a bit awkward. Refactored. http://gerrit.cloudera.org:8080/#/c/23237/9/tests/custom_cluster/test_saml2_sso.py File tests/custom_cluster/test_saml2_sso.py: http://gerrit.cloudera.org:8080/#/c/23237/9/tests/custom_cluster/test_saml2_sso.py@383 PS9, Line 383: """ > I find the inheritance with tests quite unusual. Also, I don't see a good r That seemed like clearer design but perhaps too much as for tests. Refactored. -- To view, visit http://gerrit.cloudera.org:8080/23237 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I12540300529f9c240abf7196141ecb0ae6e37995 Gerrit-Change-Number: 23237 Gerrit-PatchSet: 11 Gerrit-Owner: Mihaly Szjatinya <[email protected]> Gerrit-Reviewer: Abhishek Rawat <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Mihaly Szjatinya <[email protected]> Gerrit-Reviewer: Riza Suminto <[email protected]> Gerrit-Comment-Date: Wed, 17 Dec 2025 12:14:30 +0000 Gerrit-HasComments: Yes
