ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ramesh Mani <rm...@hortonworks.com>
Subject Re: Review Request 70632: RANGER-2423: Ranger KnoxSSO authentication in Ranger HA environment
Date Mon, 13 May 2019 14:24:25 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70632/#review215215
-----------------------------------------------------------


Ship it!




Ship It!

- Ramesh Mani


On May 13, 2019, 1:25 p.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70632/
> -----------------------------------------------------------
> 
> (Updated May 13, 2019, 1:25 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay Kulkarni,
Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh Mani, Sailaja Polavarapu, and
Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2423
>     https://issues.apache.org/jira/browse/RANGER-2423
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Description: ** If Ranger LB is non ssl and KnoxSSO is enabled then for the
Knox request originURL is the LB URL. However
> If Ranger LB is ssl and KnoxSSO is enabled then for the Knox request originURL changes
to either of Ranger host. It is expected that behaviour of originURL should not change irrespective
of ranger ssl/non ssl mode.
> 
> Currently if Ranger LB is SSL enabled then sending X-Forwarded-Proto and X-Forwarded-SSL
header doesn't work. if these headers are not sent from LB then forward URL becomes the actual
ranger-admin URL than LB URL. 
> 
> **Proposed Solution:** If LB is SSL then proposed patch shall accept the X-Forwarded-Proto
and X-Forwarded-SSL headers and will ensure the origin URL is LB URL.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
8a6c39b8f 
> 
> 
> Diff: https://reviews.apache.org/r/70632/diff/1/
> 
> 
> Testing
> -------
> 
> Scenario tested when LB is simple and SSL enabled.
> 1.Tested Ranger HA with knoxproxy 
> 2.Tested Ranger HA with Knoxsso
> 3.Tested Ranger HA with knoxproxy and knoxSSO
> 4.Tested Ranger HA with Knoxsso through curl(using hadoop-jwt token)
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message