Configuring Hue with Multiple Authentication Backends and LDAP

Published on 07 August 2015 in - 1 minute read - Last modified on 06 March 2021

In the upcoming Hue 3.9 release, Hue will support the ability to configure multiple authentication backends.

Hue already allows you to authenticate with several authentication services including LDAP, OpenID, SAML, database, etc. With this latest feature, you can now configure multiple authentication sources for Hue to check, in order of priority, when authenticating and authorizing users.

For example, to enable Hue to first attempt LDAP directory lookup before falling back to the database-backed user model, we can update the hue.ini configuration file or Hue safety valve in Cloudera Manager with a list containing first the LdapBackend followed by either the ModelBackend or custom AllowFirstUserDjangoBackend (permits first login and relies on user model for all subsequent authentication):



[desktop]

[[auth]]

backend=desktop.auth.backend.LdapBackend,desktop.auth.backend.AllowFirstUserDjangoBackend

This tells Hue to first check against the configured LDAP directory service, and if the username is not found in the directory, then attempt to authenticate the user with the Django user manager.

Note

With the exception of OAuth authentication, we can continue to add additional backends to this configuration setting in order of precedence. However, currently if OAuth authentication is configured it must be the only backend specified in hue.ini.

As usual feel free to comment and send feedback on the hue-user list or @gethue!


comments powered by Disqus

More recent stories

03 May 2023
Discover the power of Apache Ozone using the Hue File Browser
Read More
23 January 2023
Hue 4.11 and its new dialects and features are out!
Read More