KWON BYUNGCHANG created YARN-11155:
--------------------------------------
Summary: ATS v1.5 doesn't work with
JWTRedirectAuthenticationHandler
Key: YARN-11155
URL: https://issues.apache.org/jira/browse/YARN-11155
Project: Hadoop YARN
Issue Type: Bug
Components: timelineserver
Affects Versions: 3.3.2, 3.1.2
Reporter: KWON BYUNGCHANG
When ATS is configured with JWTRedirectAuthenticationHandler for KnoxSSO, In
ATS, Delegation Token operation does not work.
In this situation, All hadoop web daemon use JWTRedirectAuthenticationHandler
for KnoxSSO. But ATS should be use kerberos auth handler. Tez job users should
login to kerberos for spnego auth for tez-ui access in own local pc. It is very
inconvenient.
Expected result (use JWTRedirectAuthenticationHandler)
{code:java}
curl -s -u: --negotiate
"https://ats.host.com:8190/ws/v1/timeline/?op=GETDELEGATIONTOKEN&&renewer=rm%2Frm1.host.com%40EXAMPLE.ORG";
{
"Token": {
"urlString": "KAbnVtLWFkbWm8EsIAZVElNfREVMRUTl9UT0tFTgA"
}
}
{code}
Wrong result (use JWTRedirectAuthenticationHandler)
{code:java}
curl -s -u: --negotiate
"https://ats.host.com:8190/ws/v1/timeline/?op=GETDELEGATIONTOKEN&&renewer=rm%2Frm1.host.com%40EXAMPLE.ORG";
{
"About": "Timeline API",
"hadoop-build-version": "3.1.2 from
7c62584effd9a5aa4b90d22dbf8d8eb2bca03feb by irteam source checksum
444e3aaa7feb4f8f73c3c3a71dbdd38",
"hadoop-version": "3.1.2",
"hadoop-version-built-on": "2022-04-08T03:45Z",
"timeline-service-build-version": "3.1.2-49 from
7c62584effd9a5aa4b90d22dbf8d8eb2bca03feb by users source checksum
7594ee7186b86eeccfc787d139ee8b",
"timeline-service-version": "3.1.2",
"timeline-service-version-built-on": "2022-04-08T03:49Z"
}
{code}
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
