knox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (Jira)" <>
Subject [jira] [Updated] (KNOX-1920) KnoxSSOut for SSO through Proxy with SSOCookieProvider
Date Wed, 11 Nov 2020 17:35:00 GMT


Larry McCay updated KNOX-1920:
    Fix Version/s:     (was: 1.5.0)

> KnoxSSOut for SSO through Proxy with SSOCookieProvider
> ------------------------------------------------------
>                 Key: KNOX-1920
>                 URL:
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO
>            Reporter: Larry McCay
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.6.0
> We need to investigate the possibility of extending rewrite rules to capture the logout
click response and remove the knoxsso cookie by setting it to empty.
> I imagine this will require each service to indicate the pattern to look for in a redirect
Location header or some other pattern specific to the application that will trigger a rewrite
handler that invalidates the hadoop-jwt or otherwise configured cookie name.
> This will allow for applications that are leveraging their trusted proxy support and
our SSOCookieProvider to be able to logout of SSO as well as their own sessions before redirect
- as long as any upstream IDP cookies have been removed or none exist. Our out of the box
Form based Provider will work nicely this way.

This message was sent by Atlassian Jira

View raw message