knox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From larry mccay <lmc...@apache.org>
Subject Re: KNOXSSO + Ranger
Date Mon, 02 Oct 2017 12:23:40 GMT
If the cookie isn't being presented then it is likely not in the same
domain.
This is required for cookie based solutions.

Otherwise, it could be set to secure only and ranger doesn't have SSL
enabled.

1. redirecting.jsp gets around same origin issue when redirecting to
something that isn't being proxied as well
2. it has to be checked twice to ensure that no one was intercepted and
changed the redirect page to a phishing page


On Mon, Oct 2, 2017 at 7:21 AM, Colm O hEigeartaigh <coheigea@apache.org>
wrote:

> Hi,
>
> I'm testing using KNOXSSO with Apache Ranger, unsuccessfully thus far. I am
> getting redirected back to Ranger, but apparently without the cookie, and
> Ranger is redirecting back to Knox again.
>
> Two initial questions:
>
> 1) I've noticed is that it is invoking 'redirecting.jsp' back to Ranger,
> but this is not invoked when starting from a Knox topology. Why is this?
>
> 2) When 'redirecting.jsp' is used, we are checking the whitelist twice
> (once in WebSSOResource and once in redirecting.jsp). Is the check in
> redirecting.jsp really necessary (it also means that
> 'knoxsso.redirect.whitelist.regex' must be configured, using the default
> doesn't work).
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message