Anytime, Georg. Please do keep us in the loop! On Fri, Oct 21, 2016 at 4:03 PM, Georg Heiler <[email protected]> wrote:
> Impressive. Thanks a lot. > larry mccay <[email protected]> schrieb am Fr. 21. Okt. 2016 um 20:00: > >> This would absolutely work. >> >> The question is how you would expect to have the authenticated identity >> propagated to the custom service. >> In hadoop there is a common pattern for components like Knox to be a >> "trusted proxy". >> This requires kerberos authentication, the use of a query param called >> doas to set the username. >> Config on the REST service side explicitly identifies the servers that >> can act on behalf of other users. >> >> All you have to do to add a new API to Knox is provide a service >> definition and rewrite rules for making sure that requests go back through >> Knox. >> See: https://cwiki.apache.org/confluence/display/KNOX/2015/ >> 12/17/Adding+a+service+to+Apache+Knox >> >> On Fri, Oct 21, 2016 at 1:44 PM, Georg Heiler <[email protected]> >> wrote: >> >> Hi, >> I am curious if knox supports authenticating custom rest apis as well. I >> would like to use knox as a sort of api gateway for a predictive >> api exposed by http://predictionio.incubator.apache.org/index.html >> >> - does this work? >> - what amount of latency is added? >> >> Kind Regards, >> Georg >> >> >>
