Support Questions
Find answers, ask questions, and share your expertise

JWT Token and Ranger Policies on Edge Node Services



We would like to deploy lot of web applications on the Edge Node(s) in our HDP Cluster (2.6.5) and enabled JWT Token in knox. All these app will be proxied through the knox gateway.

When we inspected the JWT Token all we are getting is the subject (username) and expiration time and issuer (KNOXSSO in our case) info.

How ever we would like to enforce Auth Rules with in these web apps/ services we are planning to deploy on Edge Node. As the Policies are already defined in Ranger is there a way we can get the policies that apply to currently logged in user ?

Or do we need to create a Ranger Plugin (If so can it be used for all the different services deployed on edge nodes). For ex the in built Hive View, Files View are interacting with Ranger using plugins. Does this mean we need to have a separate plugin for each service ? Also even if a single plugin can be applied to all these services isn't it a requirement that these services be managed by Ambari ? ( In our case there are different services some nodejs based ui apps and spring boot based services etc).

Also how trivial is making these nodejs and spring boot services to convert to ambari manageable services ?

Appreciate any pointers to documentation this use case.