If the cookie isn't being presented then it is likely not in the same
domain.
This is required for cookie based solutions.
Otherwise, it could be set to secure only and ranger doesn't have SSL
enabled.
1. redirecting.jsp gets around same origin issue when redirecting to
something that isn't being proxied as well
2. it has to be checked twice to ensure that no one was intercepted and
changed the redirect page to a phishing page
On Mon, Oct 2, 2017 at 7:21 AM, Colm O hEigeartaigh <coheigea@apache.org>
wrote:
> Hi,
>
> I'm testing using KNOXSSO with Apache Ranger, unsuccessfully thus far. I am
> getting redirected back to Ranger, but apparently without the cookie, and
> Ranger is redirecting back to Knox again.
>
> Two initial questions:
>
> 1) I've noticed is that it is invoking 'redirecting.jsp' back to Ranger,
> but this is not invoked when starting from a Knox topology. Why is this?
>
> 2) When 'redirecting.jsp' is used, we are checking the whitelist twice
> (once in WebSSOResource and once in redirecting.jsp). Is the check in
> redirecting.jsp really necessary (it also means that
> 'knoxsso.redirect.whitelist.regex' must be configured, using the default
> doesn't work).
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
|