Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Can I also Lower Case User Names in Apache Knox?

Labels:
avatar
author-rank hkropp
Super Collaborator

Created ‎10-05-2015 02:35 PM

All usernames are lower cased fetching from AD/LDAP, can I also force Knox to lower case the name?

1,513 Views
1 ACCEPTED SOLUTION

avatar
author-rank kevin_minder
Guru

Created ‎10-05-2015 03:09 PM

Currently Knox uses the username returned by the authentication provider. This identity can then be manipulated by an identity-assertion provider. However at this time none of the "out of the box" identity-assertion providers support an ability to lower case the identity. This would however be very easy to implement and plug in "on site". It would require implementing a custom identity-assertion provider that essentially implements the mapUserPrincial method of org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter in module gateway-provider-identity-assertion-common. The whole process of writing and hooking up a Knox extension plugin is described in Larry's blog. http://hortonworks.com/blog/adding-federation-provider-apache-knox/ This described a federation provider but the overall mechanism is similar. General details about Knox development can be found in the dev guide. http://knox.apache.org/books/knox-0-6-0/dev-guide.html

View solution in original post

1,149 Views
2 REPLIES 2

avatar
author-rank hkropp
Super Collaborator

Created ‎10-05-2015 02:55 PM

The case of the username seems to depend on the user input, so there is no need to force lower or upper case, right?

1,149 Views
0 Kudos

avatar
author-rank kevin_minder
Guru

Created ‎10-05-2015 03:09 PM

Currently Knox uses the username returned by the authentication provider. This identity can then be manipulated by an identity-assertion provider. However at this time none of the "out of the box" identity-assertion providers support an ability to lower case the identity. This would however be very easy to implement and plug in "on site". It would require implementing a custom identity-assertion provider that essentially implements the mapUserPrincial method of org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter in module gateway-provider-identity-assertion-common. The whole process of writing and hooking up a Knox extension plugin is described in Larry's blog. http://hortonworks.com/blog/adding-federation-provider-apache-knox/ This described a federation provider but the overall mechanism is similar. General details about Knox development can be found in the dev guide. http://knox.apache.org/books/knox-0-6-0/dev-guide.html

1,150 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements