Druid Security using Microsoft Active Directory as Authentication

Can you use the Kerberos extension in Druid to configure Active Directory for Authentication?

Hey, Chris - Have you checked out - http://druid.io/docs/latest/development/extensions-core/druid-kerberos.html?

"

Increasing HTTP Header size for large SPNEGO negotiate header

In Active Directory environment, SPNEGO token in the Authorization header includes PAC (Privilege Access Certificate) information, which includes all security groups for the user. In some cases when the user belongs to many security groups the header to grow beyond what druid can handle by default. In such cases, max request header size that druid can handle can be increased by setting druid.server.http.maxRequestHeaderSize (default 8Kb) and druid.router.http.maxRequestBufferSize (default 8Kb)."

Thanks Daniel. Yes I did see that, but am having trouble finding any documentation showing AD and Druid use cases…or any setup steps.

Hi Chris,

I’m almost done working on an enhancement to the druid-basic-security extension that will provide support of LDAP/AD authentication and group role level authorization. I’m planning to submit a PR next week

Please review the following issue, I hope it will soon provide support for what you’re looking for.

https://github.com/apache/incubator-druid/issues/6416

Thanks,

Mohammad

Wow…that will be a life saver. Thank you.