Support Questions
Find answers, ask questions, and share your expertise

Can I also Lower Case User Names in Apache Knox?

Expert Contributor

All usernames are lower cased fetching from AD/LDAP, can I also force Knox to lower case the name?

1 ACCEPTED SOLUTION

Accepted Solutions

Currently Knox uses the username returned by the authentication provider. This identity can then be manipulated by an identity-assertion provider. However at this time none of the "out of the box" identity-assertion providers support an ability to lower case the identity. This would however be very easy to implement and plug in "on site". It would require implementing a custom identity-assertion provider that essentially implements the mapUserPrincial method of org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter in module gateway-provider-identity-assertion-common. The whole process of writing and hooking up a Knox extension plugin is described in Larry's blog. http://hortonworks.com/blog/adding-federation-provider-apache-knox/ This described a federation provider but the overall mechanism is similar. General details about Knox development can be found in the dev guide. http://knox.apache.org/books/knox-0-6-0/dev-guide.html

View solution in original post

2 REPLIES 2

Expert Contributor

The case of the username seems to depend on the user input, so there is no need to force lower or upper case, right?

Currently Knox uses the username returned by the authentication provider. This identity can then be manipulated by an identity-assertion provider. However at this time none of the "out of the box" identity-assertion providers support an ability to lower case the identity. This would however be very easy to implement and plug in "on site". It would require implementing a custom identity-assertion provider that essentially implements the mapUserPrincial method of org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter in module gateway-provider-identity-assertion-common. The whole process of writing and hooking up a Knox extension plugin is described in Larry's blog. http://hortonworks.com/blog/adding-federation-provider-apache-knox/ This described a federation provider but the overall mechanism is similar. General details about Knox development can be found in the dev guide. http://knox.apache.org/books/knox-0-6-0/dev-guide.html

View solution in original post