public boolean isKnoxEnabled() { return properties.isKnoxSsoEnabled(); }
@Override public KnoxService getObject() throws Exception { if (knoxService == null) { // ensure we only allow knox if login and oidc are disabled if (properties.isKnoxSsoEnabled() && (properties.isLoginIdentityProviderEnabled() || properties.isOidcEnabled())) { throw new RuntimeException("Apache Knox SSO support cannot be enabled if the Login Identity Provider or OpenId Connect is configured."); } final KnoxConfiguration configuration = new StandardKnoxConfiguration(properties); knoxService = new KnoxService(configuration); } return knoxService; }
@Override public Authentication attemptAuthentication(final HttpServletRequest request) { // only support knox login when running securely if (!request.isSecure()) { return null; } // ensure knox sso support is enabled final NiFiProperties properties = getProperties(); if (!properties.isKnoxSsoEnabled()) { return null; } // get the principal out of the user token final String knoxJwt = getJwtFromCookie(request, properties.getKnoxCookieName()); // if there is no cookie, return null to attempt another authentication if (knoxJwt == null) { return null; } else { // otherwise create the authentication request token return new KnoxAuthenticationRequestToken(knoxJwt, request.getRemoteAddr()); } }
/** * Returns true if client certificates are required for REST API. Determined * if the following conditions are all true: * <p> * - login identity provider is not populated * - Kerberos service support is not enabled * - openid connect is not enabled * - knox sso is not enabled * </p> * * @return true if client certificates are required for access to the REST API */ public boolean isClientAuthRequiredForRestApi() { return !isLoginIdentityProviderEnabled() && !isKerberosSpnegoSupportEnabled() && !isOidcEnabled() && !isKnoxSsoEnabled(); }
webUiContext.getInitParams().put("knox-supported", String.valueOf(props.isKnoxSsoEnabled())); webUiContext.getInitParams().put("whitelistedContextPaths", props.getWhitelistedContextPaths()); webAppContextHandlers.addHandler(webUiContext);
if (properties.isLoginIdentityProviderEnabled() || properties.isKnoxSsoEnabled()) { throw new RuntimeException("OpenId Connect support cannot be enabled if the Login Identity Provider or Apache Knox SSO is configured.");
public boolean isKnoxEnabled() { return properties.isKnoxSsoEnabled(); }
@Override public KnoxService getObject() throws Exception { if (knoxService == null) { // ensure we only allow knox if login and oidc are disabled if (properties.isKnoxSsoEnabled() && (properties.isLoginIdentityProviderEnabled() || properties.isOidcEnabled())) { throw new RuntimeException("Apache Knox SSO support cannot be enabled if the Login Identity Provider or OpenId Connect is configured."); } final KnoxConfiguration configuration = new StandardKnoxConfiguration(properties); knoxService = new KnoxService(configuration); } return knoxService; }
@Override public Authentication attemptAuthentication(final HttpServletRequest request) { // only support knox login when running securely if (!request.isSecure()) { return null; } // ensure knox sso support is enabled final NiFiProperties properties = getProperties(); if (!properties.isKnoxSsoEnabled()) { return null; } // get the principal out of the user token final String knoxJwt = getJwtFromCookie(request, properties.getKnoxCookieName()); // if there is no cookie, return null to attempt another authentication if (knoxJwt == null) { return null; } else { // otherwise create the authentication request token return new KnoxAuthenticationRequestToken(knoxJwt, request.getRemoteAddr()); } }
/** * Returns true if client certificates are required for REST API. Determined * if the following conditions are all true: * <p> * - login identity provider is not populated * - Kerberos service support is not enabled * - openid connect is not enabled * - knox sso is not enabled * </p> * * @return true if client certificates are required for access to the REST API */ public boolean isClientAuthRequiredForRestApi() { return !isLoginIdentityProviderEnabled() && !isKerberosSpnegoSupportEnabled() && !isOidcEnabled() && !isKnoxSsoEnabled(); }
if (properties.isLoginIdentityProviderEnabled() || properties.isKnoxSsoEnabled()) { throw new RuntimeException("OpenId Connect support cannot be enabled if the Login Identity Provider or Apache Knox SSO is configured.");