knox-dev mailing list archives

From larry mccay <lmc...@apache.org>
Subject Re: KNOXSSO + Ranger
Date Mon, 02 Oct 2017 13:58:33 GMT
Good to hear!

On Mon, Oct 2, 2017 at 8:54 AM, Colm O hEigeartaigh <coheigea@apache.org>
wrote:

> Thanks Larry! The issue was that Ranger didn't have SSL enabled, all
> working correctly now.
>
> Colm.
>
> On Mon, Oct 2, 2017 at 1:23 PM, larry mccay <lmccay@apache.org> wrote:
>
> > If the cookie isn't being presented then it is likely not in the same
> > domain.
> > This is required for cookie based solutions.
> >
> > Otherwise, it could be set to secure only and Ranger doesn't have SSL
> > enabled.
> >
> > 1. redirecting.jsp gets around same origin issue when redirecting to
> > something that isn't being proxied as well
> > 2. it has to be checked twice to ensure that no one has intercepted and
> > changed the redirect page to a phishing page
> >
> >
> > On Mon, Oct 2, 2017 at 7:21 AM, Colm O hEigeartaigh <coheigea@apache.org>
> > wrote:
> >
> > > Hi,
> > >
> > > I'm testing using KNOXSSO with Apache Ranger, unsuccessfully thus far. I am
> > > getting redirected back to Ranger, but apparently without the cookie, and
> > > Ranger is redirecting back to Knox again.
> > >
> > > Two initial questions:
> > >
> > > 1) I've noticed that it is invoking 'redirecting.jsp' back to Ranger,
> > > but this is not invoked when starting from a Knox topology. Why is this?
> > >
> > > 2) When 'redirecting.jsp' is used, we are checking the whitelist twice
> > > (once in WebSSOResource and once in redirecting.jsp). Is the check in
> > > redirecting.jsp really necessary (it also means that
> > > 'knoxsso.redirect.whitelist.regex' must be configured, using the default
> > > doesn't work).
> > >
> > > Colm.
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
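
The two causes named in the thread for a missing SSO cookie (a target host outside the cookie's domain, or a secure-only cookie sent to a Ranger without SSL) can be checked with a small model of the browser's rules. This is an added example, not part of the thread or of Knox's code; the host names, ports and cookie attributes are constructed assumptions, and cookie paths are not modelled.

```javascript
// Added example: models the two browser rules named in the thread (RFC 6265
// domain-match and the Secure attribute). Host names, ports and the cookie
// object are constructed sample values, not taken from the thread or from Knox.

// RFC 6265 section 5.1.3: the request host matches if it equals the cookie
// domain, or ends with "." + domain and is not an IP address.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Returns the reasons a browser would withhold the cookie from targetUrl.
// An empty array means the cookie would be presented.
function whyCookieNotSent(cookie, targetUrl) {
  const url = new URL(targetUrl);
  const reasons = [];
  if (cookie.domain) {
    if (!domainMatches(url.hostname, cookie.domain)) reasons.push("domain-mismatch");
  } else if (url.hostname.toLowerCase() !== cookie.setByHost.toLowerCase()) {
    // No Domain attribute: host-only cookie, sent only to the issuing host.
    reasons.push("host-only-mismatch");
  }
  if (cookie.secure && url.protocol !== "https:") {
    reasons.push("secure-cookie-over-http");
  }
  return reasons;
}

// Constructed SSO cookie: issued by the SSO host, scoped to the parent
// domain, and marked Secure.
const ssoCookie = { setByHost: "knox.example.com", domain: "example.com", secure: true };

// Constructed target URLs for the application the user is redirected back to.
const samples = [
  "http://ranger.example.com:6080/",  // same domain, no SSL
  "https://ranger.example.com:6182/", // same domain, SSL enabled
  "https://ranger.other.test:6182/",  // different domain
];

for (const target of samples) {
  const reasons = whyCookieNotSent(ssoCookie, target);
  console.log(target, reasons.length ? "NOT sent: " + reasons.join(", ") : "sent");
}
```

The first sample reproduces the symptom reported at the start of the thread: the redirect back succeeds, the cookie is withheld, and the application redirects to the SSO endpoint again.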
