Author: more Date: Tue Feb 21 14:47:09 2017 New Revision: 1783897 URL: http://svn.apache.org/viewvc?rev=1783897&view=rev Log: KNOX-886 - Document multiple preauth validator (Mohammad Kamrul Islam via Sandeep More) Modified: knox/site/books/knox-0-12-0/user-guide.html knox/site/index.html knox/site/issue-tracking.html knox/site/license.html knox/site/mail-lists.html knox/site/project-info.html knox/site/team-list.html knox/trunk/books/0.12.0/config_preauth_sso_provider.md Modified: knox/site/books/knox-0-12-0/user-guide.html URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-12-0/user-guide.html?rev=1783897&r1=1783896&r2=1783897&view=diff ============================================================================== --- knox/site/books/knox-0-12-0/user-guide.html (original) +++ knox/site/books/knox-0-12-0/user-guide.html Tue Feb 21 14:47:09 2017 @@ -2435,7 +2435,7 @@ APACHE_HOME/bin/apachectl -k stop preauth.validation.method - Optional parameter that indicates the type of trust validation to perform on incoming requests. Possible values are: null, preauth.default.validation, preauth.ip.validation, custom validator (details described in Custom Validator). Failure results in a 403 forbidden HTTP status response. + Optional parameter that indicates the types of trust validation to perform on incoming requests. There could be one or more comma-separated validators defined in this property. If there are multiple validators, Apache Knox validates each validator in the same sequence as it is configured. This works similar to short-circuit AND operation i.e. if any validator fails, Knox does not perform further validation and returns overall failure immediately. Possible values are: null, preauth.default.validation, preauth.ip.validation, custom validator (details described in Custom Validator). Failure results in a 403 forbidden HTTP status response. null - which means ‘preauth.default.validation’ that is no validation will be performed and that we are assuming that the network security and external authentication system is sufficient. Modified: knox/site/index.html URL: http://svn.apache.org/viewvc/knox/site/index.html?rev=1783897&r1=1783896&r2=1783897&view=diff ============================================================================== --- knox/site/index.html (original) +++ knox/site/index.html Tue Feb 21 14:47:09 2017 @@ -1,13 +1,13 @@ - + Knox Gateway – REST API Gateway for the Apache Hadoop Ecosystem @@ -58,7 +58,7 @@ -
  • Last Published: 2017-02-14
  • +
  • Last Published: 2017-02-21
  • Modified: knox/site/issue-tracking.html URL: http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1783897&r1=1783896&r2=1783897&view=diff ============================================================================== --- knox/site/issue-tracking.html (original) +++ knox/site/issue-tracking.html Tue Feb 21 14:47:09 2017 @@ -1,13 +1,13 @@ - + Knox Gateway – Issue Tracking @@ -58,7 +58,7 @@ -
  • Last Published: 2017-02-14
  • +
  • Last Published: 2017-02-21
  • Modified: knox/site/license.html URL: http://svn.apache.org/viewvc/knox/site/license.html?rev=1783897&r1=1783896&r2=1783897&view=diff ============================================================================== --- knox/site/license.html (original) +++ knox/site/license.html Tue Feb 21 14:47:09 2017 @@ -1,13 +1,13 @@ - + Knox Gateway – Project License @@ -58,7 +58,7 @@ -
  • Last Published: 2017-02-14
  • +
  • Last Published: 2017-02-21
  • Modified: knox/site/mail-lists.html URL: http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1783897&r1=1783896&r2=1783897&view=diff ============================================================================== --- knox/site/mail-lists.html (original) +++ knox/site/mail-lists.html Tue Feb 21 14:47:09 2017 @@ -1,13 +1,13 @@ - + Knox Gateway – Project Mailing Lists @@ -58,7 +58,7 @@ -
  • Last Published: 2017-02-14
  • +
  • Last Published: 2017-02-21
  • Modified: knox/site/project-info.html URL: http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1783897&r1=1783896&r2=1783897&view=diff ============================================================================== --- knox/site/project-info.html (original) +++ knox/site/project-info.html Tue Feb 21 14:47:09 2017 @@ -1,13 +1,13 @@ - + Knox Gateway – Project Information @@ -58,7 +58,7 @@ -
  • Last Published: 2017-02-14
  • +
  • Last Published: 2017-02-21
  • Modified: knox/site/team-list.html URL: http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1783897&r1=1783896&r2=1783897&view=diff ============================================================================== --- knox/site/team-list.html (original) +++ knox/site/team-list.html Tue Feb 21 14:47:09 2017 @@ -1,13 +1,13 @@ - + Knox Gateway – Team list @@ -58,7 +58,7 @@ -
  • Last Published: 2017-02-14
  • +
  • Last Published: 2017-02-21
  • Modified: knox/trunk/books/0.12.0/config_preauth_sso_provider.md URL: http://svn.apache.org/viewvc/knox/trunk/books/0.12.0/config_preauth_sso_provider.md?rev=1783897&r1=1783896&r2=1783897&view=diff ============================================================================== --- knox/trunk/books/0.12.0/config_preauth_sso_provider.md (original) +++ knox/trunk/books/0.12.0/config_preauth_sso_provider.md Tue Feb 21 14:47:09 2017 @@ -41,7 +41,7 @@ The following table describes the config Name | Description | Default ---------|----------- -preauth.validation.method|Optional parameter that indicates the type of trust validation to perform on incoming requests. Possible values are: null, preauth.default.validation, preauth.ip.validation, custom validator (details described in [Custom Validator](dev-guide.html#Validator)). Failure results in a 403 forbidden HTTP status response.|null - which means 'preauth.default.validation' that is no validation will be performed and that we are assuming that the network security and external authentication system is sufficient. +preauth.validation.method|Optional parameter that indicates the types of trust validation to perform on incoming requests. There could be one or more comma-separated validators defined in this property. If there are multiple validators, Apache Knox validates each validator in the same sequence as it is configured. This works similar to short-circuit AND operation i.e. if any validator fails, Knox does not perform further validation and returns overall failure immediately. Possible values are: null, preauth.default.validation, preauth.ip.validation, custom validator (details described in [Custom Validator](dev-guide.html#Validator)). Failure results in a 403 forbidden HTTP status response.|null - which means 'preauth.default.validation' that is no validation will be performed and that we are assuming that the network security and external authentication system is sufficient. preauth.ip.addresses|Optional parameter that indicates the list of trusted ip addresses. When preauth.ip.validation is indicated as the validation method this parameter must be provided to indicate the trusted ip address set. Wildcarded IPs may be used to indicate subnet level trust. ie. 127.0.*|null - which means that no validation will be performed. preauth.custom.header|Required parameter for indicating a custom header to use for extracting the preauthenticated principal. The value extracted from this header is utilized as the PrimaryPrincipal within the established Subject. An incoming request that is missing the configured header will be refused with a 401 unauthorized HTTP status.|SM_USER for SiteMinder usecase preauth.custom.group.header|Optional parameter for indicating a HTTP header name that contains a comma separated list of groups. These are added to the authenticated Subject as group principals. A missing group header will result in no groups being extracted from the incoming request and a log entry but processing will continue.|null - which means that there will be no group principals extracted from the request and added to the established Subject.