HUE-8321 [useradmin] Integrate with Single Sign On using Keycloak

Review Request #13045 - Created June 7, 2018 and submitted

Ying Chen
hue
master
HUE-8321
hue
enricoberti, jgauthier, johan, ranade, romain, weixia
commit a5696dbf23c3d3beb4598e018a61746fa7d8b682 (HEAD -> master)
Author: Ying Chen <yingchen@cloudera.com>
Date:   Thu May 31 22:12:25 2018 -0700

    HUE-8321 [useradmin] Integrate with Single Sign On using Keycloak
      * adding mozilla-django-oidc-1.0.0 and josepy-1.1.0
      * modified desktop/core/src/desktop/middleware.py to avoid redirect looping
      * create OIDCBackend to extend OIDCAuthencationBackend, and it rewrites user with has_hue_permission
      * adding entry for OIDC to Hue configure files and retrieve OIDC config value in desktop/settings.py

:100644 100644 37d758a538... cb176a4f50... M    desktop/conf.dist/hue.ini
:100644 100644 42d170a5a7... fc0889ee40... M    desktop/conf/pseudo-distributed.ini.tmpl
:000000 100644 0000000000... c22197ec1f... A    desktop/core/ext-py/josepy-1.1.0/.coveragerc
:000000 100644 0000000000... b4bf0342b7... A    desktop/core/ext-py/josepy-1.1.0/.travis.yml
:000000 100644 0000000000... 981c46c9f9... A    desktop/core/ext-py/josepy-1.1.0/LICENSE.txt
:000000 100644 0000000000... 55bf810f84... A    desktop/core/ext-py/josepy-1.1.0/MANIFEST.in
:000000 100644 0000000000... b2322ec656... A    desktop/core/ext-py/josepy-1.1.0/PKG-INFO
:000000 100644 0000000000... fe339ab4e9... A    desktop/core/ext-py/josepy-1.1.0/README.rst
:000000 100644 0000000000... ba65b13af5... A    desktop/core/ext-py/josepy-1.1.0/docs/.gitignore
:000000 100644 0000000000... f90a518641... A    desktop/core/ext-py/josepy-1.1.0/docs/Makefile
:000000 100644 0000000000... e69de29bb2... A    desktop/core/ext-py/josepy-1.1.0/docs/_static/.gitignore
:000000 100644 0000000000... e69de29bb2... A    desktop/core/ext-py/josepy-1.1.0/docs/_templates/.gitignore
:000000 100644 0000000000... aa0de1f5b1... A    desktop/core/ext-py/josepy-1.1.0/docs/api/base64.rst
:000000 100644 0000000000... 0024401a39... A    desktop/core/ext-py/josepy-1.1.0/docs/api/errors.rst
:000000 100644 0000000000... cd882b0c03... A    desktop/core/ext-py/josepy-1.1.0/docs/api/interfaces.rst
:000000 100644 0000000000... d2509ba239... A    desktop/core/ext-py/josepy-1.1.0/docs/api/json_util.rst
:000000 100644 0000000000... 4744d8751f... A    desktop/core/ext-py/josepy-1.1.0/docs/api/jwa.rst
:000000 100644 0000000000... 578218ed10... A    desktop/core/ext-py/josepy-1.1.0/docs/api/jwk.rst
:000000 100644 0000000000... b364c3dee4... A    desktop/core/ext-py/josepy-1.1.0/docs/api/jws.rst
:000000 100644 0000000000... 3af53150ea... A    desktop/core/ext-py/josepy-1.1.0/docs/api/util.rst
:000000 100644 0000000000... 565b0521d0... A    desktop/core/ext-py/josepy-1.1.0/docs/changelog.rst
:000000 100644 0000000000... eaf49fad5a... A    desktop/core/ext-py/josepy-1.1.0/docs/conf.py
:000000 100644 0000000000... 2b912b6895... A    desktop/core/ext-py/josepy-1.1.0/docs/index.rst
:000000 100644 0000000000... 34cf5ce235... A    desktop/core/ext-py/josepy-1.1.0/docs/jws-help.txt
:000000 100644 0000000000... d7ff8f4054... A    desktop/core/ext-py/josepy-1.1.0/docs/man/jws.rst
:000000 100644 0000000000... 142b6ca357... A    desktop/core/ext-py/josepy-1.1.0/docs/requirements.txt
:000000 100644 0000000000... 0929e443b6... A    desktop/core/ext-py/josepy-1.1.0/pytest.ini
:000000 100644 0000000000... adf5ed72aa... A    desktop/core/ext-py/josepy-1.1.0/setup.cfg
:000000 100644 0000000000... d15dde4ea1... A    desktop/core/ext-py/josepy-1.1.0/setup.py
:000000 100644 0000000000... b4018d3430... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/__init__.py
:000000 100644 0000000000... 1be2f4c1c0... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/b64.py
:000000 100644 0000000000... 117cde0832... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/b64_test.py
:000000 100644 0000000000... 74c9443e1e... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/errors.py
:000000 100644 0000000000... d094f9cc19... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/errors_test.py
:000000 100644 0000000000... b2c62a8548... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/interfaces.py
:000000 100644 0000000000... f91ef42502... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/interfaces_test.py
:000000 100644 0000000000... 818a52c58e... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/json_util.py
:000000 100644 0000000000... 4c68559606... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/json_util_test.py
:000000 100644 0000000000... 2a6a2c7edd... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/jwa.py
:000000 100644 0000000000... 1ced360cce... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/jwa_test.py
:000000 100644 0000000000... e9071ea7e1... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/jwk.py
:000000 100644 0000000000... a1289e69f8... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/jwk_test.py
:000000 100644 0000000000... 64323458db... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/jws.py
:000000 100644 0000000000... 252215ad6d... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/jws_test.py
:000000 100644 0000000000... da4120d0d3... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/test_util.py
:000000 100644 0000000000... 72ae227210... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/README
:000000 100644 0000000000... 3fdc9404f4... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert-100sans.pem
:000000 100644 0000000000... 932649692b... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert-idnsans.pem
:000000 100644 0000000000... dcb8359942... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert-san.pem
:000000 100644 0000000000... ab231982f2... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert.der
:000000 100644 0000000000... 96c55cbf40... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/cert.pem
:000000 100644 0000000000... 7aec8ab1c5... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/critical-san.pem
:000000 100644 0000000000... 199814126f... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-100sans.pem
:000000 100644 0000000000... 8f6b52bd77... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-6sans.pem
:000000 100644 0000000000... d6e91a420e... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-idnsans.pem
:000000 100644 0000000000... 813db67b0b... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-nosans.pem
:000000 100644 0000000000... a7128e35ca... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr-san.pem
:000000 100644 0000000000... d43ac85a16... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr.der
:000000 100644 0000000000... b6818e39d6... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/csr.pem
:000000 100644 0000000000... 78e1647125... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/dsa512_key.pem
:000000 100644 0000000000... de5339d030... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa1024_key.pem
:000000 100644 0000000000... 3944cd1dbc... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa2048_cert.pem
:000000 100644 0000000000... 5847aed556... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa2048_key.pem
:000000 100644 0000000000... 659274d1d9... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa256_key.pem
:000000 100644 0000000000... 610c8d3156... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/testdata/rsa512_key.pem
:000000 100644 0000000000... d2ed1c5ccb... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/util.py
:000000 100644 0000000000... 79f2d21d55... A    desktop/core/ext-py/josepy-1.1.0/src/josepy/util_test.py
:000000 100644 0000000000... 8a2feb694a... A    desktop/core/ext-py/josepy-1.1.0/tox.ini
:000000 100644 0000000000... afa1c65fc0... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/AUTHORS.rst
:000000 100644 0000000000... 0ea6ab961b... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/CONTRIBUTING.rst
:000000 100644 0000000000... 7f3d8e2755... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/HISTORY.rst
:000000 100644 0000000000... a612ad9813... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/LICENSE
:000000 100644 0000000000... e47620950a... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/MANIFEST.in
:000000 100644 0000000000... 467c55bbab... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/PKG-INFO
:000000 100644 0000000000... bb49c34c03... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/README.rst
:000000 100644 0000000000... 1f356cc57b... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/__init__.py
:000000 100644 0000000000... 4e1e970a07... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/auth.py
:000000 100644 0000000000... e01664c0a7... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/middleware.py
:000000 100644 0000000000... 5bb488e08c... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/urls.py
:000000 100644 0000000000... aed5241425... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/utils.py
:000000 100644 0000000000... 6bdc0be66a... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/mozilla_django_oidc/views.py
:000000 100644 0000000000... b54be5f41f... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/setup.cfg
:000000 100755 0000000000... d94cbecb1e... A    desktop/core/ext-py/mozilla-django-oidc-1.0.0/setup.py
:100644 100644 06c7e0c9c5... 043ec71083... M    desktop/core/src/desktop/auth/backend.py
:100644 100644 eedc81547d... 729dba27a6... M    desktop/core/src/desktop/conf.py
:100644 100644 46e3e3e489... dd870b4d6b... M    desktop/core/src/desktop/middleware.py
:100644 100644 3d66707790... c8f8500a38... M    desktop/core/src/desktop/settings.py
:100644 100644 8ccad92427... c2a9b20414... M    desktop/core/src/desktop/urls.py


  • 0
  • 0
  • 6
  • 0
  • 6
Description From Last Updated
  1. When configured, do we see the login page? (where the user can type the username / password or directly click on the button 'login with SSO')

    (so if we have both username/password backend and sso, we have 2 ways to login)

  2. Renamed to

    'desktop.auth.backend.OIDCBackend'

    ?

  3. nit:
    "Configuration options for using OIDCBackend (Core) login" --> "Configuration options for using OIDCBackend (Core) login for SSO"

  4. desktop/core/src/desktop/middleware.py (Diff revision 2)
     
     

    Remove 'Prototype'?

  5. desktop/core/src/desktop/settings.py (Diff revision 2)
     
     

    Would we need an helper to test if it is configured?

    So that we reuse it throughout Hue

    e.g.

    def is_oidc_configured():
    return 'desktop.auth.backend.OIDCBackend' in AUTHENTICATION_BACKENDS

  6. desktop/core/src/desktop/urls.py (Diff revision 2)
     
     

    Add urls only if oidc configured? (cf. previous comment on helper)

  7. 
      
  1. Ship It!
  2. 
      
Review request changed

Status: Closed (submitted)

Loading...