Description: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Diff: |
Revision 2 (+6763) |
HUE-8321 [useradmin] Integrate with Single Sign On using Keycloak
Review Request #13045 - Created June 7, 2018 and submitted
Information | |
---|---|
Ying Chen | |
hue | |
master | |
HUE-8321 | |
Reviewers | |
hue | |
enricoberti, jgauthier, johan, ranade, romain, weixia |
commit a5696dbf23c3d3beb4598e018a61746fa7d8b682 (HEAD -> master) Author: Ying Chen <yingchen@cloudera.com> Date: Thu May 31 22:12:25 2018 -0700 HUE-8321 [useradmin] Integrate with Single Sign On using Keycloak * adding mozilla-django-oidc-1.0.0 and josepy-1.1.0 * modified desktop/core/src/desktop/middleware.py to avoid redirect looping * create OIDCBackend to extend OIDCAuthencationBackend, and it rewrites user with has_hue_permission * adding entry for OIDC to Hue configure files and retrieve OIDC config value in desktop/settings.py :100644 100644 37d758a538... cb176a4f50... M desktop/conf.dist/hue.ini :100644 100644 42d170a5a7... fc0889ee40... M desktop/conf/pseudo-distributed.ini.tmpl :000000 100644 0000000000... c22197ec1f... A desktop/core/ext-py/josepy-1.1.0/.coveragerc :000000 100644 0000000000... b4bf0342b7... A desktop/core/ext-py/josepy-1.1.0/.travis.yml :000000 100644 0000000000... 981c46c9f9... A desktop/core/ext-py/josepy-1.1.0/LICENSE.txt :000000 100644 0000000000... 55bf810f84... A desktop/core/ext-py/josepy-1.1.0/MANIFEST.in :000000 100644 0000000000... b2322ec656... A desktop/core/ext-py/josepy-1.1.0/PKG-INFO :000000 100644 0000000000... fe339ab4e9... A desktop/core/ext-py/josepy-1.1.0/README.rst :000000 100644 0000000000... ba65b13af5... A desktop/core/ext-py/josepy-1.1.0/docs/.gitignore :000000 100644 0000000000... f90a518641... A desktop/core/ext-py/josepy-1.1.0/docs/Makefile :000000 100644 0000000000... e69de29bb2... A desktop/core/ext-py/josepy-1.1.0/docs/_static/.gitignore :000000 100644 0000000000... e69de29bb2... A desktop/core/ext-py/josepy-1.1.0/docs/_templates/.gitignore :000000 100644 0000000000... aa0de1f5b1... A desktop/core/ext-py/josepy-1.1.0/docs/api/base64.rst :000000 100644 0000000000... 0024401a39... A desktop/core/ext-py/josepy-1.1.0/docs/api/errors.rst :000000 100644 0000000000... cd882b0c03... A desktop/core/ext-py/josepy-1.1.0/docs/api/interfaces.rst :000000 100644 0000000000... d2509ba239... A desktop/core/ext-py/josepy-1.1.0/docs/api/json_util.rst :000000 100644 0000000000... 4744d8751f... A desktop/core/ext-py/josepy-1.1.0/docs/api/jwa.rst :000000 100644 0000000000... 578218ed10... A desktop/core/ext-py/josepy-1.1.0/docs/api/jwk.rst :000000 100644 0000000000... b364c3dee4... A desktop/core/ext-py/josepy-1.1.0/docs/api/jws.rst :000000 100644 0000000000... 3af53150ea... A desktop/core/ext-py/josepy-1.1.0/docs/api/util.rst :000000 100644 0000000000... 565b0521d0... A desktop/core/ext-py/josepy-1.1.0/docs/changelog.rst :000000 100644 0000000000... eaf49fad5a... A desktop/core/ext-py/josepy-1.1.0/docs/conf.py :000000 100644 0000000000... 2b912b6895... A desktop/core/ext-py/josepy-1.1.0/docs/index.rst :000000 100644 0000000000... 34cf5ce235... A desktop/core/ext-py/josepy-1.1.0/docs/jws-help.txt :000000 100644 0000000000... d7ff8f4054... A desktop/core/ext-py/josepy-1.1.0/docs/man/jws.rst :000000 100644 0000000000... 142b6ca357... A desktop/core/ext-py/josepy-1.1.0/docs/requirements.txt :000000 100644 0000000000... 0929e443b6... A desktop/core/ext-py/josepy-1.1.0/pytest.ini :000000 100644 0000000000... adf5ed72aa... A desktop/core/ext-py/josepy-1.1.0/setup.cfg :000000 100644 0000000000... d15dde4ea1... A desktop/core/ext-py/josepy-1.1.0/setup.py :000000 100644 0000000000... b4018d3430... A desktop/core/ext-py/josepy-1.1.0/src/josepy/__init__.py :000000 100644 0000000000... 1be2f4c1c0... A desktop/core/ext-py/josepy-1.1.0/src/josepy/b64.py :000000 100644 0000000000... 117cde0832... A desktop/core/ext-py/josepy-1.1.0/src/josepy/b64_test.py :000000 100644 0000000000... 74c9443e1e... A desktop/core/ext-py/josepy-1.1.0/src/josepy/errors.py :000000 100644 0000000000... d094f9cc19... A desktop/core/ext-py/josepy-1.1.0/src/josepy/errors_test.py :000000 100644 0000000000... b2c62a8548... A desktop/core/ext-py/josepy-1.1.0/src/josepy/interfaces.py :000000 100644 0000000000... f91ef42502... A desktop/core/ext-py/josepy-1.1.0/src/josepy/interfaces_test.py :000000 100644 0000000000... 818a52c58e... A desktop/core/ext-py/josepy-1.1.0/src/josepy/json_util.py :000000 100644 0000000000... 4c68559606... A desktop/core/ext-py/josepy-1.1.0/src/josepy/json_util_test.py :000000 100644 0000000000... 2a6a2c7edd... A desktop/core/ext-py/josepy-1.1.0/src/josepy/jwa.py :000000 100644 0000000000... 1ced360cce... A desktop/core/ext-py/josepy-1.1.0/src/josepy/jwa_test.py :000000 100644 0000000000... e9071ea7e1... A desktop/core/ext-py/josepy-1.1.0/src/josepy/jwk.py :000000 100644 0000000000... a1289e69f8... A desktop/core/ext-py/josepy-1.1.0/src/josepy/jwk_test.py :000000 100644 0000000000... 64323458db... A desktop/core/ext-py/josepy-1.1.0/src/josepy/jws.py :000000 100644 0000000000... 252215ad6d... A desktop/core/ext-py/josepy-1.1.0/src/josepy/jws_test.py :000000 100644 0000000000... da4120d0d3... A desktop/core/ext-py/josepy-1.1.0/src/josepy/test_util.py :000000 100644 0000000000... 72ae227210... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/README :000000 100644 0000000000... 3fdc9404f4... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert-100sans.pem :000000 100644 0000000000... 932649692b... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert-idnsans.pem :000000 100644 0000000000... dcb8359942... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert-san.pem :000000 100644 0000000000... ab231982f2... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert.der :000000 100644 0000000000... 96c55cbf40... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert.pem :000000 100644 0000000000... 7aec8ab1c5... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/critical-san.pem :000000 100644 0000000000... 199814126f... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-100sans.pem :000000 100644 0000000000... 8f6b52bd77... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-6sans.pem :000000 100644 0000000000... d6e91a420e... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-idnsans.pem :000000 100644 0000000000... 813db67b0b... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-nosans.pem :000000 100644 0000000000... a7128e35ca... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-san.pem :000000 100644 0000000000... d43ac85a16... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr.der :000000 100644 0000000000... b6818e39d6... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr.pem :000000 100644 0000000000... 78e1647125... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/dsa512_key.pem :000000 100644 0000000000... de5339d030... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa1024_key.pem :000000 100644 0000000000... 3944cd1dbc... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa2048_cert.pem :000000 100644 0000000000... 5847aed556... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa2048_key.pem :000000 100644 0000000000... 659274d1d9... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa256_key.pem :000000 100644 0000000000... 610c8d3156... A desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa512_key.pem :000000 100644 0000000000... d2ed1c5ccb... A desktop/core/ext-py/josepy-1.1.0/src/josepy/util.py :000000 100644 0000000000... 79f2d21d55... A desktop/core/ext-py/josepy-1.1.0/src/josepy/util_test.py :000000 100644 0000000000... 8a2feb694a... A desktop/core/ext-py/josepy-1.1.0/tox.ini :000000 100644 0000000000... afa1c65fc0... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/AUTHORS.rst :000000 100644 0000000000... 0ea6ab961b... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/CONTRIBUTING.rst :000000 100644 0000000000... 7f3d8e2755... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/HISTORY.rst :000000 100644 0000000000... a612ad9813... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/LICENSE :000000 100644 0000000000... e47620950a... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/MANIFEST.in :000000 100644 0000000000... 467c55bbab... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/PKG-INFO :000000 100644 0000000000... bb49c34c03... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/README.rst :000000 100644 0000000000... 1f356cc57b... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/__init__.py :000000 100644 0000000000... 4e1e970a07... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/auth.py :000000 100644 0000000000... e01664c0a7... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/middleware.py :000000 100644 0000000000... 5bb488e08c... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/urls.py :000000 100644 0000000000... aed5241425... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/utils.py :000000 100644 0000000000... 6bdc0be66a... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/views.py :000000 100644 0000000000... b54be5f41f... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/setup.cfg :000000 100755 0000000000... d94cbecb1e... A desktop/core/ext-py/mozilla-django-oidc-1.0.0/setup.py :100644 100644 06c7e0c9c5... 043ec71083... M desktop/core/src/desktop/auth/backend.py :100644 100644 eedc81547d... 729dba27a6... M desktop/core/src/desktop/conf.py :100644 100644 46e3e3e489... dd870b4d6b... M desktop/core/src/desktop/middleware.py :100644 100644 3d66707790... c8f8500a38... M desktop/core/src/desktop/settings.py :100644 100644 8ccad92427... c2a9b20414... M desktop/core/src/desktop/urls.py
-
-
desktop/conf/pseudo-distributed.ini.tmpl (Diff revision 2) Renamed to
'desktop.auth.backend.OIDCBackend'
?
-
desktop/conf/pseudo-distributed.ini.tmpl (Diff revision 2) nit:
"Configuration options for using OIDCBackend (Core) login" --> "Configuration options for using OIDCBackend (Core) login for SSO" -
-
desktop/core/src/desktop/settings.py (Diff revision 2) Would we need an helper to test if it is configured?
So that we reuse it throughout Hue
e.g.
def is_oidc_configured():
return 'desktop.auth.backend.OIDCBackend' in AUTHENTICATION_BACKENDS -
-
desktop/core/src/desktop/urls.py (Diff revision 2) Add urls only if oidc configured? (cf. previous comment on helper)
Description: |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Diff: |
Revision 3 (+6765) |