knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject svn commit: r1787129 - in /knox: site/books/knox-0-12-0/user-guide.html trunk/books/0.12.0/config_knox_token.md
Date Thu, 16 Mar 2017 05:46:42 GMT
Author: lmccay
Date: Thu Mar 16 05:46:42 2017
New Revision: 1787129

URL: http://svn.apache.org/viewvc?rev=1787129&view=rev
Log:
adding docs for KnoxToken service to 0.12.0

Modified:
    knox/site/books/knox-0-12-0/user-guide.html
    knox/trunk/books/0.12.0/config_knox_token.md

Modified: knox/site/books/knox-0-12-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-12-0/user-guide.html?rev=1787129&r1=1787128&r2=1787129&view=diff
==============================================================================
--- knox/site/books/knox-0-12-0/user-guide.html (original)
+++ knox/site/books/knox-0-12-0/user-guide.html Thu Mar 16 05:46:42 2017
@@ -2941,7 +2941,9 @@ APACHE_HOME/bin/apachectl -k stop
   </tbody>
 </table><p>Adding the KnoxToken configuration shown above to a topology that
is protected with the ShrioProvider is a very simple and effective way to expose an endpoint
from which a Knox token can be requested. Once it is acquired it may be used to access resources
at intended endpoints until it expires.</p><p>The following curl command can be
used to acquire a token from the Knox Token service as configured in the sandbox topology:</p>
 <pre><code>curl -ivku guest:guest-password https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token
-</code></pre><p>Resulting in a JSON response that contains the token, the
expiration and the optional target endpoint:  {&ldquo;access_token&rdquo;:&ldquo;eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJndWVzdCIsImF1ZCI6InRva2VuYmFzZWQiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNDg5OTQyMTg4fQ.bcqSK7zMnABEM_HVsm3oWNDrQ_ei7PcMI4AtZEERY9LaPo9dzugOg3PA5JH2BRF-lXM3tuEYuZPaZVf8PenzjtBbuQsCg9VVImuu2r1YNVJlcTQ7OV-eW50L6OTI0uZfyrFwX6C7jVhf7d7YR1NNxs4eVbXpS1TZ5fDIRSfU3MU&rdquo;,&ldquo;target_url&rdquo;:&ldquo;<a
href="https://localhost:8443/gateway/tokenbased","token_type":"Bearer">https://localhost:8443/gateway/tokenbased","token_type":"Bearer</a>
&rdquo;,&ldquo;expires_in&rdquo;:1489942188233}</p><p>The following
curl example shows how to add a bearer token to an Authorization header:</p>
+</code></pre><p>Resulting in a JSON response that contains the token, the
expiration and the optional target endpoint:</p>
+<pre><code>      `{&quot;access_token&quot;:&quot;eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJndWVzdCIsImF1ZCI6InRva2VuYmFzZWQiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNDg5OTQyMTg4fQ.bcqSK7zMnABEM_HVsm3oWNDrQ_ei7PcMI4AtZEERY9LaPo9dzugOg3PA5JH2BRF-lXM3tuEYuZPaZVf8PenzjtBbuQsCg9VVImuu2r1YNVJlcTQ7OV-eW50L6OTI0uZfyrFwX6C7jVhf7d7YR1NNxs4eVbXpS1TZ5fDIRSfU3MU&quot;,&quot;target_url&quot;:&quot;https://localhost:8443/gateway/tokenbased&quot;,&quot;token_type&quot;:&quot;Bearer
&quot;,&quot;expires_in&quot;:1489942188233}`
+</code></pre><p>The following curl example shows how to add a bearer token
to an Authorization header:</p>
 <pre><code>curl -ivk -H &quot;Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJndWVzdCIsImF1ZCI6InRva2VuYmFzZWQiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNDg5OTQyMTg4fQ.bcqSK7zMnABEM_HVsm3oWNDrQ_ei7PcMI4AtZEERY9LaPo9dzugOg3PA5JH2BRF-lXM3tuEYuZPaZVf8PenzjtBbuQsCg9VVImuu2r1YNVJlcTQ7OV-eW50L6OTI0uZfyrFwX6C7jVhf7d7YR1NNxs4eVbXpS1TZ5fDIRSfU3MU&quot;
https://localhost:8443/gateway/tokenbased/webhdfs/v1/tmp?op=LISTSTATUS
 </code></pre><p>See documentation in Client Details for KnoxShell init,
list and destroy for commands that leverage this token service for CLI sessions.</p><h3><a
id="Mutual+Authentication+with+SSL">Mutual Authentication with SSL</a> <a href="#Mutual+Authentication+with+SSL"><img
src="markbook-section-link.png"/></a></h3><p>To establish a stronger
trust relationship between client and server, we provide mutual authentication with SSL via
client certs. This is particularly useful in providing additional validation for Preauthenticated
SSO with HTTP Headers. Rather than just ip address validation, connections will only be accepted
by Knox from clients presenting trusted certificates.</p><p>This behavior is configured
for the entire gateway instance within the gateway-site.xml file. All topologies deployed
within the gateway instance with mutual authentication enabled will require incoming connections
to present trusted client certificates during the SSL handshake. Otherwise, connectio
 ns will be refused.</p><p>The following table describes the configuration elements
related to mutual authentication and their defaults:</p>
 <table>

Modified: knox/trunk/books/0.12.0/config_knox_token.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.12.0/config_knox_token.md?rev=1787129&r1=1787128&r2=1787129&view=diff
==============================================================================
--- knox/trunk/books/0.12.0/config_knox_token.md (original)
+++ knox/trunk/books/0.12.0/config_knox_token.md Thu Mar 16 05:46:42 2017
@@ -41,7 +41,8 @@ The following curl command can be used t
     curl -ivku guest:guest-password https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token
     
 Resulting in a JSON response that contains the token, the expiration and the optional target
endpoint:
-      {"access_token":"eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJndWVzdCIsImF1ZCI6InRva2VuYmFzZWQiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNDg5OTQyMTg4fQ.bcqSK7zMnABEM_HVsm3oWNDrQ_ei7PcMI4AtZEERY9LaPo9dzugOg3PA5JH2BRF-lXM3tuEYuZPaZVf8PenzjtBbuQsCg9VVImuu2r1YNVJlcTQ7OV-eW50L6OTI0uZfyrFwX6C7jVhf7d7YR1NNxs4eVbXpS1TZ5fDIRSfU3MU","target_url":"https://localhost:8443/gateway/tokenbased","token_type":"Bearer
","expires_in":1489942188233}
+
+          `{"access_token":"eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJndWVzdCIsImF1ZCI6InRva2VuYmFzZWQiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNDg5OTQyMTg4fQ.bcqSK7zMnABEM_HVsm3oWNDrQ_ei7PcMI4AtZEERY9LaPo9dzugOg3PA5JH2BRF-lXM3tuEYuZPaZVf8PenzjtBbuQsCg9VVImuu2r1YNVJlcTQ7OV-eW50L6OTI0uZfyrFwX6C7jVhf7d7YR1NNxs4eVbXpS1TZ5fDIRSfU3MU","target_url":"https://localhost:8443/gateway/tokenbased","token_type":"Bearer
","expires_in":1489942188233}`
 
 The following curl example shows how to add a bearer token to an Authorization header:
 



Mime
View raw message