Hi Larry What is the hadoop-jwt token used for after configured knoxSSO? Does the service proxied by knox need to verify that hadoop-jwt token to let the user login without challenging again? I did not see how the services proxied by knox benefit from such "SSO" from the current Dev guide's knoxSSO integration guide. Did I miss anything?
Thanks Tony At 2016-03-24 21:25:50, "larry mccay" <[email protected]> wrote: Yes, that is correct. It is a protection against being redirected to pages that may do something malicious like phishing, etc. That should be documented in the users guide: http://knox.apache.org/books/knox-0-8-0/user-guide.html#KnoxSSO+Configuration+Parameters On Thu, Mar 24, 2016 at 12:58 AM, hdp <[email protected]> wrote: I also found that knoxsso.redirect.whitelist.regex should be configed in knoxSSO else it can only try to redirect to localhost, which make it impossible to reference in a production usage. Thanks Tony At 2016-03-23 09:58:04, "larry mccay" <[email protected]> wrote: Yes, that typo has to be fixed as well. That class is in the Hadoop code based and is shown as an example of how to configure the Hadoop UIs to accept the SSO cookie created by KnoxSSO. It will be in the Hadoop 2.8 release and is also available on trunk. It can be used as an example of a filter for integration. You can also use the SSOCookieProvider which is discussed in the dev guide. The documentation for 0.7/8/9.0 have been updated to fix what you pointed out. I will be circling back to fix the typos and rendering issues with all of the apostrophes as well. On Tue, Mar 22, 2016 at 9:19 PM, hdp <[email protected]> wrote: Hi Larry Thanks for updating the document for knox0.7. Please also note that knox 0.8 document has same issue. And I found the following in knox0.7 KnoxSSO+Integration: <value>org.apache.hadoop/security.authentication/server.JWTRedirectAuthenticationHandler</value> Is this a typo? It should be org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler? I did not found the class of JWTRedirectAuthenticationHandler in knox 0.7 lib and its dependency, hadoop-auth-2.2.0.jar ; neither knox0.8. Thanks At 2016-03-23 00:14:38, "larry mccay" <[email protected]> wrote: Hi Tony - Please see: http://knox.apache.org/books/knox-0-7-0/dev-guide.html#KnoxSSO+Integration for the missing documentation. I will need to circle back and some content rendering and review the docs again very closely but this should provide you with an overview of integrating applications with KnoxSSO. thanks, --larry On Tue, Mar 22, 2016 at 8:55 AM, larry mccay <[email protected]> wrote: Hi Tony - I will take a look at the docs and get the missing information added - thank you for pointing it out. If you provide some information regarding exactly what you are looking to accomplish, I can give you more specific instructions. Thanks, --larry On Tue, Mar 22, 2016 at 4:53 AM, hdp <[email protected]> wrote: How can I make knox 0.7 SSO work? The user's guide (KnoxSSO Setup and Configuration ->Introduction) says "We also provide integration guidance within the developers guide for other applications to be able to participate in these SSO capabilities." . But I did not find the how to make application participate in SSO in the developer's guide. The use's guide also says "[Please see the integration guide for instructions in adding support for new applications.] " . I did not the integration guide either. Can some one give a workable example for setting up knox -SSO? Thanks Tony Huang
