[ https://issues.apache.org/jira/browse/HIVE-25957?focusedWorklogId=727627&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-727627 ]
ASF GitHub Bot logged work on HIVE-25957:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Feb/22 19:06
            Start Date: 15/Feb/22 19:06
    Worklog Time Spent: 10m
      Work Description: hsnusonic commented on a change in pull request #3028:
URL: https://github.com/apache/hive/pull/3028#discussion_r807187720

##########
File path: service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
##########
@@ -212,26 +213,26 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) } else { clientUserName = doKerberosAuth(request); } - } else if (HiveSamlUtils.isSamlAuthMode(authType)) {

Review comment:
Yes, it is changed to use `authType.isEnabled()`. I didn't delete `HiveSamlUtils.isSamlAuthMode` in this patch because it is used in `ThriftHttpCLIService` and that would require more changes. We should eventually retire this function.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Issue Time Tracking
-------------------

    Worklog Id:     (was: 727627)
    Time Spent: 40m  (was: 0.5h)

> Fix password based authentication with SAML enabled
> ---------------------------------------------------
>
>                 Key: HIVE-25957
>                 URL: https://issues.apache.org/jira/browse/HIVE-25957
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 4.0.0
>            Reporter: Yu-Wen Lai
>            Assignee: Yu-Wen Lai
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> In HIVE-25875, we allowed SAML to be set with other password based
> authentication, but we pass NONE to the function doPasswordAuth. That is, any
> requests that use a basic authentication header can bypass the password verification
> because NONE means a no-op authentication.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
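
Review bot: `HiveSamlUtils.isSamlAuthMode` is dropped from `doPost` at the removed `else if (HiveSamlUtils.isSamlAuthMode(authType))` line but, per the reply, stays in use in `ThriftHttpCLIService`, so two separate checks now decide whether SAML is active and they can drift apart. Mark the helper `@Deprecated` with a pointer to `authType.isEnabled()`, or file a follow-up issue, so the remaining caller gets migrated. The replacement branch is not visible in this hunk; because the reported problem is `doPasswordAuth` receiving NONE, a test that sends a basic authentication header with a wrong password while SAML and a password method are both enabled, and expects the request to be rejected, would pin the fix down.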