[ https://issues.apache.org/jira/browse/KNOX-1920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Larry McCay updated KNOX-1920: ------------------------------ Fix Version/s: (was: 1.5.0) 1.6.0 > KnoxSSOut for SSO through Proxy with SSOCookieProvider > ------------------------------------------------------ > > Key: KNOX-1920 > URL: https://issues.apache.org/jira/browse/KNOX-1920 > Project: Apache Knox > Issue Type: Improvement > Components: KnoxSSO > Reporter: Larry McCay > Assignee: Sandor Molnar > Priority: Major > Fix For: 1.6.0 > > > We need to investigate the possibility of extending rewrite rules to capture the logout click response and remove the knoxsso cookie by setting it to empty. > I imagine this will require each service to indicate the pattern to look for in a redirect Location header or some other pattern specific to the application that will trigger a rewrite handler that invalidates the hadoop-jwt or otherwise configured cookie name. > This will allow for applications that are leveraging their trusted proxy support and our SSOCookieProvider to be able to logout of SSO as well as their own sessions before redirect - as long as any upstream IDP cookies have been removed or none exist. Our out of the box Form based Provider will work nicely this way. -- This message was sent by Atlassian Jira (v8.3.4#803005)