Azure - Cluster Authentication

> Azure > Azure - Authentication

1 - Token

When creating a cluster, the authentication is made through a token. The property fs.adl.oauth2.access.token.provider.type is Custom

core-site.xml
<property>
  <name>fs.adl.oauth2.access.token.provider.type</name>
  <value>Custom</value>
</property>
 
<property>
  <name>fs.azure.datalake.token.provider.script</name>
  <value>/usr/lib/hdinsight-common/scripts/decrypt.sh</value>
</property>
 
<property>
  <name>fs.azure.datalake.token.provider.service.urls</name>
  <value>http://gw1-42h.ceches310vkhzwh.ax.internal.cloudapp.net:909/api/oauthtoken,http://gw3-42h.cechecmupznukhzwh.ax.internal.cloudapp.net:909/api/oauthtoken</value>
</property>

1.1 - How to get a token ?

  • You can get an encrypted token by calling one of the URL in fs.azure.datalake.token.provider.service.urls
  • That you can decrypt with the shell script set in the property fs.azure.datalake.token.provider.script

Example:

  • Get the encrypted token
curl curl http://gw1-42h.ceches310vkhzwh.ax.internal.cloudapp.net:909/api/oauthtoken
{"AccessToken":"MIIGHQYJKoZIhvcNAQcDoIIGDjCCBgoCAQA…….","ExpiresOn":1500447750098}
  • Decrypt it
/usr/lib/hdinsight-common/scripts/decrypt.sh MIIGHQYJKoZIhvcNAQcDoIIGDjCCBgoCAQA…….
EAw+eA8qSpvrvw0Tnsm3lOXVSdalW
Advertising

2 - Documentation / Reference

azure/auth/cluster.txt · Last modified: 2018/06/25 18:50 by gerardnico