Member since
10-11-2017
14
Posts
0
Kudos Received
0
Solutions
02-21-2018
06:53 AM
@Sandeep More, Nope this also didnt work. I tried: "Cookie" "CookieProvider", "Set-Cookie", "pac4j" etc. None of this seems to understand what is being passed to the callback URL. curl -ikH 'CookieProvider: pac4j.session.pac4jRequestedUrl=AAAACAAAABAAAACgKA1Sf1IwVCKgK0BhCk58OD4OXcA35fLo72qgxzeyoEBWPbqYHJgcYGtt2Fdrs6xTYeU6JMdfnGAG/jT5z+ovN6bJ09bvG4QCo7dpxOFML0ssI8C0AX6JIU/9FWu50IK/Z9FaRWRYmrFEdKRXnzvbhdXzq4uUDvWW2WfylAwgrh3o3jP3b9CqBBN9/ElI//VMrOWO1wTcQaX4a3qz5FxivxqJyu0/UPeo6IWYFILwVxJeKJkEMRvpXw==;Domain=localhost;Secure;HttpOnly' https://localhost:8442/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=IndirectBasicAuthClient Did you get it working with curl? As per the developer docs, https://svn.apache.org/repos/asf/knox/site/books/knox-0-9-0/dev-guide.html#KnoxSSO+Integration, the author does not confirm the results of the last curl passed with hadoop-jwt Cookie. Regards, Nisha
... View more
10-12-2017
08:18 PM
@gnovak @tuxnet Would resource sharing still work if ACLs are configured for separate tenant queues? If ACLs are different for Q1 and Q2, will it still support elasticity and preemption? Could you also please share the workload/application details that you used for these experiments? I am trying to run some experiments to do a similar test for elasticity and preemption of capacity schedulers. I am using a simple Spark word count application on a large file for the same, but I am not able to get a feel of resource sharing among queues using this application. Thanks in advance.
... View more
04-05-2018
11:01 AM
@mqureshi I have a similar problem but in my case I dont want to create separate tickets for application users. My requirement is that all services in Hadoop should be accessed via KNOX as proxy user. Knox would have taken care of authentication seperately. So in my case all authenticated application users eg user1, user2 etc.. should be able to run jobs with knox proxy user. This link talks exactly of the same concept: https://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Superusers.html#Use_Case Here the idea is not to have seperate kerberos credentials for each individual application users. Any thoughts from your side, on what would be required for this?
... View more