Short description: This article describes how to enable Knox SSO authentication on Kerberos enabled Oozie UI
The goal is to provide a single authentication handler for redirecting to an external endpoint for acquiring a JWT (JSONWebToken) token to be used as a SSO representation of an authentication event.
The hadoop common JWTRedirectAuthenticationHandler can be used to add this support to component UIs. It is an extension of AltKerberosAuthenticationHandler, which require kerberos to be enabled on the HTTP endpoints in order to work. This means that UIs will use SSO for authentication, but at the same time REST APIs will still be using kerberos.
For authenticating REST APIs with Knox SSO as well, there is a filter based authentication provider in Knox.