Mihaly Szjatinya has posted comments on this change. ( http://gerrit.cloudera.org:8080/23237 )
Change subject: IMPALA-14285: Add SAML2 authentication support for Coordinator Web UI ...................................................................... Patch Set 24: (11 comments) http://gerrit.cloudera.org:8080/#/c/23237/22/be/src/rpc/authentication-util.cc File be/src/rpc/authentication-util.cc: http://gerrit.cloudera.org:8080/#/c/23237/22/be/src/rpc/authentication-util.cc@326 PS22, Line 326: discard_result( > Unused variable "status". Ack http://gerrit.cloudera.org:8080/#/c/23237/22/be/src/rpc/authentication-util.cc@336 PS22, Line 336: i > Nit: remove extra space. Ack http://gerrit.cloudera.org:8080/#/c/23237/22/be/src/rpc/authentication.cc File be/src/rpc/authentication.cc: http://gerrit.cloudera.org:8080/#/c/23237/22/be/src/rpc/authentication.cc@992 PS22, Line 992: ThriftServer::ConnectionContext* connection_context, const AuthenticationHash& hash) { > The "ValidateSaml2AuthnResponseInternal" function can return nullptr. That Ack http://gerrit.cloudera.org:8080/#/c/23237/22/be/src/util/webserver.cc File be/src/util/webserver.cc: http://gerrit.cloudera.org:8080/#/c/23237/22/be/src/util/webserver.cc@117 PS22, Line 117: "--webserver_require_spnego, or --webserver_saml2_sp_callback_url."); > Need to also note htpasswd cannot be used with SAML. Done http://gerrit.cloudera.org:8080/#/c/23237/22/be/src/util/webserver.cc@355 PS22, Line 355: // excluding catalogd, statestored and impalad executors > Executors, catalogd, and statestored all have debug webUIs, why not include There was discussion on this and it was decided that it's only needed for Coordinators. Updated the Jira. http://gerrit.cloudera.org:8080/#/c/23237/22/be/src/util/webserver.cc@940 PS22, Line 940: : // Bypass LDAP/SPNEGO and SAML authentication for bootstrap health checks. : // Restricted to localhost-only requests and monit > These three constants need to be shared with the constants passed to the va Done http://gerrit.cloudera.org:8080/#/c/23237/22/fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateInfoHS2.java File fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateInfoHS2.java: http://gerrit.cloudera.org:8080/#/c/23237/22/fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateInfoHS2.java@20 PS22, Line 20: // copy of https://github.com/vihangk1/hive/blob/45863cc1fc94c2f2a848d0f3fc160a4dc0214747/service/src/java/org/apache/hive/service/auth/saml/HiveSamlRelayStateInfo.java > Please include the exact commit hash this file was base upon. Ack http://gerrit.cloudera.org:8080/#/c/23237/22/fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateStoreBase.java File fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateStoreBase.java: http://gerrit.cloudera.org:8080/#/c/23237/22/fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateStoreBase.java@38 PS22, Line 38: > Nit: please consider renaming to HiveSamlRelayStateCacheBase only to avoid Done http://gerrit.cloudera.org:8080/#/c/23237/22/fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateStoreHS2.java File fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateStoreHS2.java: http://gerrit.cloudera.org:8080/#/c/23237/22/fe/src/main/java/org/apache/impala/authentication/saml/HiveSamlRelayStateStoreHS2.java@24 PS22, Line 24: // slightly modified copy of https://github.com/vihangk1/hive/blob/45863cc1fc94c2f2a848d0f3fc160a4dc0214747/service/src/java/org/apache/hive/service/auth/saml/HiveSamlRelayStateInfo.java > Please include the exact commit hash this file was base upon. Ack http://gerrit.cloudera.org:8080/#/c/23237/22/fe/src/main/java/org/apache/impala/authentication/saml/ImpalaSamlClientHS2.java File fe/src/main/java/org/apache/impala/authentication/saml/ImpalaSamlClientHS2.java: http://gerrit.cloudera.org:8080/#/c/23237/22/fe/src/main/java/org/apache/impala/authentication/saml/ImpalaSamlClientHS2.java@32 PS22, Line 32: // modified version of https://github.com/vihangk1/hive/blob/d0209a6f026106622523bd4ec7eeeae33782e7a3/service/src/java/org/apache/hive/service/auth/saml/HiveSaml2Client.java > Please include the exact commit hash this file was base upon. Ack http://gerrit.cloudera.org:8080/#/c/23237/22/fe/src/main/java/org/apache/impala/authentication/saml/ImpalaSamlClientHS2.java@143 PS22, Line 143: // https://github.com/vihangk1/hive/blob/d0209a6f026106622523bd4ec7eeeae33782e7a3/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java > Please include the exact commit hash this file was base upon. Ack -- To view, visit http://gerrit.cloudera.org:8080/23237 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I12540300529f9c240abf7196141ecb0ae6e37995 Gerrit-Change-Number: 23237 Gerrit-PatchSet: 24 Gerrit-Owner: Mihaly Szjatinya <[email protected]> Gerrit-Reviewer: Abhishek Rawat <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Jason Fehr <[email protected]> Gerrit-Reviewer: Mihaly Szjatinya <[email protected]> Gerrit-Reviewer: Nandor Kollar <[email protected]> Gerrit-Reviewer: Riza Suminto <[email protected]> Gerrit-Comment-Date: Fri, 05 Jun 2026 16:53:22 +0000 Gerrit-HasComments: Yes
