This is to support web browser SSO for Hadoop web interfaces, with the following scope:
- Define web SSO flow. Based on the flow illustrated in TokenAuth design doc, this web SSO flow would be defined involving related parties including Authentication Service, Identity Token Service, Access Token Service and Hadoop web interface.
- Define token authn filter/handler API that frontends Hadoop web interface and interacts with related services in TokenAuth to do authentication and token exchange.
- Define and implement basic facilities to allow plugin of token authn filter/handler implementations.