[RANGER-2423] Ranger KnoxSSO authentication in Ranger HA environment - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.0
Component/s: Ranger
Labels:
None

Description

Problem Description: If Ranger LB is non ssl and KnoxSSO is enabled then for the Knox request originURL is the LB URL. However
If Ranger LB is ssl and KnoxSSO is enabled then for the Knox request originURL changes to either of Ranger host. It is expected that behaviour of originURL should not change irrespective of ranger ssl/non ssl mode.

Currently if Ranger LB is SSL enabled then sending X-Forwarded-Proto and X-Forwarded-SSL header doesn't work. if these headers are not sent from LB then forward URL becomes the actual ranger-admin URL than LB URL.

Proposed Solution: If LB is SSL then proposed patch shall accept the X-Forwarded-Proto and X-Forwarded-SSL headers and will ensure the origin URL is LB URL.

To send X-Forwarded-Proto and X-Forwarded-SSL Headers from Apache Httpd LB end, add below lines in LB config file.

RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-RANGER-2423-Ranger-KnoxSSO-authentication-in-Ranger-.patch
13/May/19 13:28
5 kB
Pradeep Agrawal

Issue Links

links to

Apache RR

Sub-Tasks

Ranger KnoxSSO authentication when X-Forwarded-Host header is not forwarded

Resolved

Pradeep Agrawal

Activity

People

Assignee:: Pradeep Agrawal

Reporter:: Pradeep Agrawal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09/May/19 17:03

Updated:: 14/May/19 04:00

Resolved:: 14/May/19 03:58