hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-9535) HSSO Server - IDP/SP Authentication Endpoint Deployment
Date Wed, 01 May 2013 17:42:17 GMT
Larry McCay created HADOOP-9535:

             Summary: HSSO Server - IDP/SP Authentication Endpoint Deployment
                 Key: HADOOP-9535
                 URL: https://issues.apache.org/jira/browse/HADOOP-9535
             Project: Hadoop Common
          Issue Type: Sub-task
          Components: security
            Reporter: Larry McCay

This effort will result in an embedded Jetty based server that deploys endpoints for the authentication
or federation of entities.

It will leverage common facilities for authentication and federation providers within servlet
filters which allow composability of various provider types to satisfy various token and authentication
processing requirements.

For instance:

In order for a client application to authenticate using BASIC credentials and receive a token
that will allow access to HDFS we may need to provide a couple an endpoint comprised of an
authentication provider and a token generation provider:

1. BASIC->LDAP Authentication Provider
2. Access Token Generation Provider

This allows a user to authentication to the HSSO service endpoint with simple username/password
using HTTP BASIC and leverage a simple username bind to an LDAP server for authentication.
It then uses the resulting normalized java.security.Subject to generate an access token for
the user to pass along with subsequent requests to other Hadoop services.

Hadoop services only need to verify the token validity and trust of the issuer - HSSO service
- in order to authenticate access to its protected resources.

This task is dependent on common authentication provider frameworks and will need to insure
compatibility and the composability described in this task.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message