[YARN-11155] ATS v1.5 doesn't work with JWTRedirectAuthenticationHandler - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.1.2, 3.3.2
Fix Version/s: None
Component/s: timelineserver
Labels:
None

Description

When ATS is configured with JWTRedirectAuthenticationHandler for KnoxSSO, In ATS, Delegation Token operation does not work.

In this situation, All hadoop web daemon use JWTRedirectAuthenticationHandler for KnoxSSO. But ATS should be use kerberos auth handler. Tez job users should login to kerberos for spnego auth for tez-ui access in own local pc. It is very inconvenient.

Expected result (use JWTRedirectAuthenticationHandler)

curl -s -u: --negotiate "https://ats.host.com:8190/ws/v1/timeline/?op=GETDELEGATIONTOKEN&&renewer=rm%2Frm1.host.com%40EXAMPLE.ORG"
{
    "Token": {
        "urlString": "KAbnVtLWFkbWm8EsIAZVElNfREVMRUTl9UT0tFTgA"
    }
}

Wrong result (use JWTRedirectAuthenticationHandler)

curl -s -u: --negotiate "https://ats.host.com:8190/ws/v1/timeline/?op=GETDELEGATIONTOKEN&&renewer=rm%2Frm1.host.com%40EXAMPLE.ORG"
{
    "About": "Timeline API",
    "hadoop-build-version": "3.1.2 from 7c62584effd9a5aa4b90d22dbf8d8eb2bca03feb by irteam source checksum 444e3aaa7feb4f8f73c3c3a71dbdd38",
    "hadoop-version": "3.1.2",
    "hadoop-version-built-on": "2022-04-08T03:45Z",
    "timeline-service-build-version": "3.1.2-49 from 7c62584effd9a5aa4b90d22dbf8d8eb2bca03feb by users source checksum 7594ee7186b86eeccfc787d139ee8b",
    "timeline-service-version": "3.1.2",
    "timeline-service-version-built-on": "2022-04-08T03:49Z"
}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-11155.001.patch
16/May/22 08:51
2 kB
KWON BYUNGCHANG

Activity

People

Assignee:: Unassigned

Reporter:: KWON BYUNGCHANG

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/May/22 08:50

Updated:: 16/May/22 08:51