Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Can I also Lower Case User Names in Apache Knox?

Labels:
avatar
author-rank hkropp
Super Collaborator

Created ‎10-05-2015 02:35 PM

All usernames are lower cased fetching from AD/LDAP, can I also force Knox to lower case the name?

1,226 Views
1 ACCEPTED SOLUTION

avatar
author-rank kevin_minder
Guru

Created ‎10-05-2015 03:09 PM

Currently Knox uses the username returned by the authentication provider. This identity can then be manipulated by an identity-assertion provider. However at this time none of the "out of the box" identity-assertion providers support an ability to lower case the identity. This would however be very easy to implement and plug in "on site". It would require implementing a custom identity-assertion provider that essentially implements the mapUserPrincial method of org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter in module gateway-provider-identity-assertion-common. The whole process of writing and hooking up a Knox extension plugin is described in Larry's blog. http://hortonworks.com/blog/adding-federation-provider-apache-knox/ This described a federation provider but the overall mechanism is similar. General details about Knox development can be found in the dev guide. http://knox.apache.org/books/knox-0-6-0/dev-guide.html

View solution in original post

862 Views
2 REPLIES 2

avatar
author-rank hkropp
Super Collaborator

Created ‎10-05-2015 02:55 PM

The case of the username seems to depend on the user input, so there is no need to force lower or upper case, right?

862 Views
0 Kudos

avatar
author-rank kevin_minder
Guru

Created ‎10-05-2015 03:09 PM

Currently Knox uses the username returned by the authentication provider. This identity can then be manipulated by an identity-assertion provider. However at this time none of the "out of the box" identity-assertion providers support an ability to lower case the identity. This would however be very easy to implement and plug in "on site". It would require implementing a custom identity-assertion provider that essentially implements the mapUserPrincial method of org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter in module gateway-provider-identity-assertion-common. The whole process of writing and hooking up a Knox extension plugin is described in Larry's blog. http://hortonworks.com/blog/adding-federation-provider-apache-knox/ This described a federation provider but the overall mechanism is similar. General details about Knox development can be found in the dev guide. http://knox.apache.org/books/knox-0-6-0/dev-guide.html

863 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements