Thomas Tauber-Marshall has posted comments on this change. ( http://gerrit.cloudera.org:8080/16833 )
Change subject: IMPALA-10496: SAML implementation in Impala ...................................................................... Patch Set 26: Code-Review+2 (1 comment) Looks good, just one final thing I noticed http://gerrit.cloudera.org:8080/#/c/16833/26/be/src/rpc/authentication.cc File be/src/rpc/authentication.cc: http://gerrit.cloudera.org:8080/#/c/16833/26/be/src/rpc/authentication.cc@1368 PS26, Line 1368: if (use_saml) { This case makes me kind of nervous - easy to imagine a user setting up SAML and not realizing that they're leaving other endpoints entirely unsecured. Maybe we should log an error in that case, eg. if either FLAGS_beeswax_port or FLAGS_hs2_port are non-zero so we're actually using external_auth_provider_, or even disallow it by returning an error. -- To view, visit http://gerrit.cloudera.org:8080/16833 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia0c026cba1b90e7ff6ec5ae49be78b0d1edd8dfa Gerrit-Change-Number: 16833 Gerrit-PatchSet: 26 Gerrit-Owner: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]> Gerrit-Reviewer: Thomas Tauber-Marshall <[email protected]> Gerrit-Reviewer: Vihang Karajgaonkar <[email protected]> Gerrit-Comment-Date: Wed, 17 Feb 2021 22:45:58 +0000 Gerrit-HasComments: Yes
