Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-821

Identity Assertion Providers must be able to be chained together

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Server
    • Labels:
      None

      Description

      The provider pipeline currently is limited to a single plugin per role name. Identity assertion providers are immediately in need of support for multiple at the same time. Especially since the addition of the Hadoop group lookup provider, we need to be able to also map principals or extract usernames from principals before group lookup using regex, etc.

      It may make sense to also support multiple authentication/federation providers for MFA type scenarios.

      We should consider whether we want a generic approach to being able to have multiple providers across the board or whether an identity assertion specific solution is prudent.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              lmccay Larry McCay
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: