  1. Hadoop Common
  2. HADOOP-9533 Centralized Hadoop SSO/Token Server
  3. HADOOP-9535

HSSO Server - IDP/SP Authentication Endpoint Deployment


Details

    • Sub-task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security
    • None

    Description

      This effort will result in an embedded Jetty based server that deploys endpoints for the authentication or federation of entities.

      It will leverage common facilities for authentication and federation providers within servlet filters which allow composability of various provider types to satisfy various token and authentication processing requirements.

      For instance:

      In order for a client application to authenticate using BASIC credentials and receive a token that will allow access to HDFS, we may need to provide an endpoint comprised of an authentication provider and a token generation provider:

      1. BASIC->LDAP Authentication Provider
      2. Access Token Generation Provider

      This allows a user to authenticate to the HSSO service endpoint with simple username/password using HTTP BASIC and leverage a simple username bind to an LDAP server for authentication. It then uses the resulting normalized java.security.Subject to generate an access token for the user to pass along with subsequent requests to other Hadoop services.

      Hadoop services only need to verify the token validity and trust of the issuer - HSSO service - in order to authenticate access to their protected resources.

      This task is dependent on common authentication provider frameworks and will need to ensure compatibility and the composability described in this task.
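
An added sketch of the provider chain described above, not code from the HSSO effort or from the issue's author: a BASIC authentication provider yields a `Subject`, a token provider signs an access token for it, and a service checks signature and expiry before trusting the user name. The in-memory directory (standing in for the LDAP bind), the shared HMAC key, the `user|expiry|signature` token layout and every class and method name are assumptions made for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
public class HssoChainSketch {
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    // Constructed stand-ins: a map replaces the LDAP bind, a shared key replaces real issuer trust.
    static final Map<String, String> DIRECTORY = Map.of("alice", "constructed-password");
    static final byte[] ISSUER_KEY = "constructed-demo-key".getBytes(UTF_8);
    // Provider 1: parse the BASIC header, check the credentials, return a normalized Subject or null.
    static Subject authenticateBasic(String header) {
        if (header == null || !header.startsWith("Basic ")) return null;
        String[] up;
        try { up = new String(Base64.getDecoder().decode(header.substring(6)), UTF_8).split(":", 2); }
        catch (IllegalArgumentException e) { return null; }   // malformed base64
        String expected = DIRECTORY.get(up[0]);
        if (up.length != 2 || expected == null || !MessageDigest.isEqual(expected.getBytes(UTF_8), up[1].getBytes(UTF_8))) return null;
        Subject s = new Subject();
        s.getPrincipals().add(new UserPrincipal(up[0]));
        return s;
    }
    // HMAC-SHA256 over the payload; only a holder of ISSUER_KEY can produce or check it.
    static String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(ISSUER_KEY, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal(payload.getBytes(UTF_8)));
    }
    // Provider 2: turn the authenticated Subject into a short-lived access token.
    static String issueToken(Subject s, long ttlSeconds) throws Exception {
        String payload = s.getPrincipals().iterator().next().getName() + "|" + (System.currentTimeMillis() / 1000 + ttlSeconds);
        return payload + "|" + sign(payload);
    }
    // Service side: accept the user name only if the issuer's signature and the expiry both check out.
    static String verifyToken(String token) throws Exception {
        int i = token.lastIndexOf('|');
        if (i < 0 || !MessageDigest.isEqual(sign(token.substring(0, i)).getBytes(UTF_8), token.substring(i + 1).getBytes(UTF_8))) return null;
        String[] f = token.substring(0, i).split("\\|");
        return f.length == 2 && Long.parseLong(f[1]) > System.currentTimeMillis() / 1000 ? f[0] : null;
    }
    public static void main(String[] args) throws Exception {
        String good = "Basic " + Base64.getEncoder().encodeToString("alice:constructed-password".getBytes(UTF_8));
        String token = issueToken(authenticateBasic(good), 300);
        System.out.println("wrong password rejected: " + (authenticateBasic("Basic " + Base64.getEncoder().encodeToString("alice:wrong".getBytes(UTF_8))) == null));
        System.out.println("valid token user:        " + verifyToken(token));
        System.out.println("tampered token user:     " + verifyToken(token.replace("alice", "admin")));
    }
}
```

With a shared HMAC key every verifying service could also mint tokens; an asymmetric signature, where services hold only the issuer's public key, avoids that.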

          People

            Assignee: Unassigned
            Reporter: Larry McCay (lmccay)
            Votes: 0
            Watchers: 10

              Time Tracking

                Original Estimate: 504h
                Remaining Estimate: 504h
                Time Spent: Not Specified