Support Proxy Authentication Mode

Description

Goal:
Support end user credential propagation from incoming http request or websocket payload throughout nodejs and backend services and all the way to auth extension.

Design:
We want to add a “Proxy” authentication mode and supporting attaching a credential to a Principal object. The “Proxy” auth mode will not spin up an authentication server and instead rely on an upstream proxy service to perform the authentication.

Context:
Currently authentication is required once security is enabled. However, there are use cases where authentication may be done upfront before requests are sent to nodejs. In such case, only authorization functionality is needed without additional authentication. Then end user credential in the incoming request should just be propagated as is throughout and to the auth extension.

Release Notes

Added support for PROXY authentication mode.

Activity

Show:
Dennis Li
March 9, 2021, 6:43 PM

This (and RBAC in general) might require some documentation additions to the CDAP documentation, and we’re currently looking into it.

Dennis Li
February 22, 2021, 9:39 PM

CDAP Backend Component PR:

Fixed

Assignee

Dennis Li

Reporter

Wangyuan Zhang

Labels

Docs Impact

Yes

UX Impact

None

Priority

Critical