You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/06/09 18:58:00 UTC

[jira] [Commented] (KNOX-2383) Knox token is expired upon immediate token request after creation

    [ https://issues.apache.org/jira/browse/KNOX-2383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17129712#comment-17129712 ] 

ASF subversion and git services commented on KNOX-2383:
-------------------------------------------------------

Commit 9b9b4ead5bcd1b40ec9c6efd36d78297857dc6bb in knox's branch refs/heads/master from Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=9b9b4ea ]

KNOX-2383 - Checking token expiration in cache should not depend on the validate flag (#341)



> Knox token is expired upon immediate token request after creation
> -----------------------------------------------------------------
>
>                 Key: KNOX-2383
>                 URL: https://issues.apache.org/jira/browse/KNOX-2383
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.5.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>              Labels: TokenAuth, token
>             Fix For: 1.5.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> *Steps to reproduce*
>  # have a topology with JWT federation provider (let's call it {{tokenbased)}} and add a valid HDFS UI service in there (the service itself does not really matter, it's just the fastest way in my environment to reproduce the issue). It's important that you make sure {{knox.token.exp.server-managed}} is set to {{true}} for the {{JWT federation provider}}.
>  # get a Knox delegation token using the {{KNOXTOKEN}} service. It's important that you make sure {{knox.token.exp.server-managed}} is set to {{true}} for the {{KNOXTOKEN}} service.
>  # right after the previous call, try to hit the HDFS UI via the previously created {{tokenbased}} topology
> *Current results*
> The last action fails as the JWT provider receives the following error:
> {code:java}
> HTTP ERROR 400 Bad request: token has expired {code}
> *Expected results*
> HDFS UI should have been displayed w/o any issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)