Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Property

Value

Description

security.enabled

true

Enables authentication for CDAP. When set to true, all requests to CDAP must provide a valid access token.

security.authentication.mode

MANAGED

Determines the mode of authentication to use if security is enabled. Supported modes include MANAGED and PROXY. MANAGED mode supports a CDAP-managed authentication server and uses CDAP's access tokens to authenticate the user. PROXY mode assumes that authentication has already been performed upstream and instead extracts the user's identity and credentials from the configured headers.

security.auth.server.announce.urls

 

CDAP Authentication service announce URL's separated by comma. Each URL is in the format of protocol://host:port.

These are the URL's that clients should use to communicate with the Authentication Server.

Leave empty to use the default value generated by the Authentication Server.

security.auth.server.bind.address

0.0.0.0

IP address that the CDAP Authentication Server should bind to (default value shown).

security.auth.server.bind.port

10009

CDAP Authentication service bind port (default value shown).

Configuring Kerberos (

...

Optional)

To configure Kerberos authentication for various CDAP services, add these properties to cdap-site.xml:

...