Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Can I also Lower Case User Names in Apache Knox?

SOLVED Go to solution
Highlighted

Can I also Lower Case User Names in Apache Knox?

Expert Contributor

All usernames are lower cased fetching from AD/LDAP, can I also force Knox to lower case the name?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Can I also Lower Case User Names in Apache Knox?

Currently Knox uses the username returned by the authentication provider. This identity can then be manipulated by an identity-assertion provider. However at this time none of the "out of the box" identity-assertion providers support an ability to lower case the identity. This would however be very easy to implement and plug in "on site". It would require implementing a custom identity-assertion provider that essentially implements the mapUserPrincial method of org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter in module gateway-provider-identity-assertion-common. The whole process of writing and hooking up a Knox extension plugin is described in Larry's blog. http://hortonworks.com/blog/adding-federation-provider-apache-knox/ This described a federation provider but the overall mechanism is similar. General details about Knox development can be found in the dev guide. http://knox.apache.org/books/knox-0-6-0/dev-guide.html

2 REPLIES 2

Re: Can I also Lower Case User Names in Apache Knox?

Expert Contributor

The case of the username seems to depend on the user input, so there is no need to force lower or upper case, right?

Re: Can I also Lower Case User Names in Apache Knox?

Currently Knox uses the username returned by the authentication provider. This identity can then be manipulated by an identity-assertion provider. However at this time none of the "out of the box" identity-assertion providers support an ability to lower case the identity. This would however be very easy to implement and plug in "on site". It would require implementing a custom identity-assertion provider that essentially implements the mapUserPrincial method of org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter in module gateway-provider-identity-assertion-common. The whole process of writing and hooking up a Knox extension plugin is described in Larry's blog. http://hortonworks.com/blog/adding-federation-provider-apache-knox/ This described a federation provider but the overall mechanism is similar. General details about Knox development can be found in the dev guide. http://knox.apache.org/books/knox-0-6-0/dev-guide.html