THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Configuration for authentication on the component UIs: http://hadoop.apache.org/docs/r2.3.0/hadoop-project-dist/hadoop-common/HttpAuthentication.html
- Forgerock openam documentation for CDSSO and protection against cookie hijacking: http://docs.forgerock.org/en/openam/10.1.0/admin-guide/index/chap-cdsso.html
- core-default for hadoop config defaults - filter initializers: https://hadoop.apache.org/docs/r2.0.5-alpha/hadoop-project-dist/hadoop-common/core-default.xml
- nimbus-jose-jwt library - Apache 2 License: http://connect2id.com/products/nimbus-jose-jwt
PlantUML | ||||
---|---|---|---|---|
| ||||
hide footbox autonumber participant "Browser" as cli participant "WebUI\n(eg NN UI)" as ui participant "Knox\nTS/SSO" as sso participant "SAML\nIdP" as idp activate cli cli -> ui: page.GET() activate ui cli <-- ui: redirect(IDP.login) deactivate ui cli -> idp: login.GET() activate idp cli <-- idp: form deactivate idp cli -> idp: form.POST(username,password) activate idp cli <-- idp: redirect(SSO.translate):saml-bearer-token deactivate idp cli -> sso: translate.GET(saml-bearer-token) activate sso cli <-- sso: redirect(WebUI.page):jwt-bearer-token-cookie deactivate sso cli -> ui: page.GET(jwt-bearer-token-cookie) activate ui cli <- ui: response deactivate ui deactivate cli |
...