knox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (Jira)" <j...@apache.org>
Subject [jira] [Updated] (KNOX-1920) KnoxSSOut for SSO through Proxy with SSOCookieProvider
Date Wed, 11 Nov 2020 17:35:00 GMT

     [ https://issues.apache.org/jira/browse/KNOX-1920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Larry McCay updated KNOX-1920:
------------------------------
    Fix Version/s:     (was: 1.5.0)
                   1.6.0

> KnoxSSOut for SSO through Proxy with SSOCookieProvider
> ------------------------------------------------------
>
>                 Key: KNOX-1920
>                 URL: https://issues.apache.org/jira/browse/KNOX-1920
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO
>            Reporter: Larry McCay
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.6.0
>
>
> We need to investigate the possibility of extending rewrite rules to capture the logout
click response and remove the knoxsso cookie by setting it to empty.
> I imagine this will require each service to indicate the pattern to look for in a redirect
Location header or some other pattern specific to the application that will trigger a rewrite
handler that invalidates the hadoop-jwt or otherwise configured cookie name.
> This will allow for applications that are leveraging their trusted proxy support and
our SSOCookieProvider to be able to logout of SSO as well as their own sessions before redirect
- as long as any upstream IDP cookies have been removed or none exist. Our out of the box
Form based Provider will work nicely this way.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message