Uploaded image for project: 'Falcon'
  1. Falcon
  2. FALCON-1027

Falcon REST API trusted proxy support

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.7
    • Fix Version/s: 0.8
    • Component/s: None
    • Labels:
      None

      Description

      In order for Falcon REST API to work securely via the Knox gateway it must be possible to setup a trust relationship between Knox and Falcon. This is commonly done in other Hadoop ecosystem components using a combination of Kerberos/SPNego and a doas URL query parameter. This provides a mechanism for Falcon to strongly authenticate Knox as a trusted proxy, ensuring that it can trust the identity assertions made via the doas query parameter. The links below provide some information describing how this is done for core Hadoop. Also note that most components utilize Hadoop core's reusable hadoop-auth module to implement this functionality.
      http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Proxy_Users
      http://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html#Proxy_user

        Attachments

        1. FALCON-1027.V3.patch
          181 kB
          Sowmya Ramesh
        2. FALCON-1027.v2.patch
          186 kB
          Sowmya Ramesh
        3. FALCON-1027.v1.patch
          187 kB
          Sowmya Ramesh
        4. FALCON-1027.v0.patch
          187 kB
          Sowmya Ramesh
        5. ApacheFalcon-Proxyusersupport.pdf
          84 kB
          Sowmya Ramesh

          Issue Links

            Activity

              People

              • Assignee:
                sowmyaramesh Sowmya Ramesh
                Reporter:
                kho@hortonworks.com kenneth ho
              • Votes:
                1 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: