You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Hadoop Web UI SSO with Knox Token Exchange from SAML Browser AmbariServer UI HDFSNN UI Knox SAML IdP(eg Shibboleth) LDAP orActiveDirectory 1ambari-view-url.GET() 2redirect302(knox-url,ambari-url) 3knox-url.GET(ambari-url) SAML 4ok200(idp-redirect-form[idp-url,knox-url,ambari-url]) Redirect forms auto submittedvia embedded JavaScript 5idp-url.POST(knox-url,ambari-url) 6ok200(idp-login-form[idp-url,knox-url,ambari-url]) 7idp-url.POST(username,password,knox-url,ambari-url) 8authenticate(usernme,password) 9ok200(knox-redirect-form[knox-url,ambari-url,idp-token]) 10knox-url.POST(ambari-url,idp-token) 11ok200(ambari-redirect-form[ambari-url,knox-token],knox-cookie) Token exchange 12ambari-url.POST(knox-token) 13redirect302(ambari-url,ambari-cookie) 14ambari-url.GET(ambari-cookie) 15ok200(ambari-view) Subsequent uses of other UIs do not require authentication/SAML due to knox-cookie in Browser 16nn-url.GET() 17redirect302(knox-url,nn-url) 18knox-url.GET(nn-url,knox-cookie) 19ok200(nn-redirect-form[nn-url,knox-token]) 20nn-url.POST(knox-token) 21redirect302(nn-url,nn-cookie) 22nn-url.GET(nn-cookie) 23ok200(nn-view)
  • No labels