knox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: KNOXSSO + Ranger
Date Mon, 02 Oct 2017 12:54:53 GMT
Thanks Larry! The issue was that Ranger didn't have SSL enabled, all
working correctly now.

Colm.

On Mon, Oct 2, 2017 at 1:23 PM, larry mccay <lmccay@apache.org> wrote:

> If the cookie isn't being presented then it is likely not in the same
> domain.
> This is required for cookie based solutions.
>
> Otherwise, it could be set to secure only and ranger doesn't have SSL
> enabled.
>
> 1. redirecting.jsp gets around same origin issue when redirecting to
> something that isn't being proxied as well
> 2. it has to be checked twice to ensure that no one was intercepted and
> changed the redirect page to a phishing page
>
>
> On Mon, Oct 2, 2017 at 7:21 AM, Colm O hEigeartaigh <coheigea@apache.org>
> wrote:
>
> > Hi,
> >
> > I'm testing using KNOXSSO with Apache Ranger, unsuccessfully thus far. I
> am
> > getting redirected back to Ranger, but apparently without the cookie, and
> > Ranger is redirecting back to Knox again.
> >
> > Two initial questions:
> >
> > 1) I've noticed is that it is invoking 'redirecting.jsp' back to Ranger,
> > but this is not invoked when starting from a Knox topology. Why is this?
> >
> > 2) When 'redirecting.jsp' is used, we are checking the whitelist twice
> > (once in WebSSOResource and once in redirecting.jsp). Is the check in
> > redirecting.jsp really necessary (it also means that
> > 'knoxsso.redirect.whitelist.regex' must be configured, using the default
> > doesn't work).
> >
> > Colm.
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message