You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Philip Zampino (Jira)" <ji...@apache.org> on 2020/03/11 14:41:00 UTC
[jira] [Resolved] (KNOX-2211) AliasBasedTokenStateService should
store token state in topology-specific credential stores
[ https://issues.apache.org/jira/browse/KNOX-2211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Philip Zampino resolved KNOX-2211.
----------------------------------
Resolution: Not A Problem
The primary motivation for this issue was a concern around uniqueness of aliases in the keystore, but KNOX-2266 alleviates that concern. Without another significant driver, supporting this would only add unnecessary complexity.
> AliasBasedTokenStateService should store token state in topology-specific credential stores
> -------------------------------------------------------------------------------------------
>
> Key: KNOX-2211
> URL: https://issues.apache.org/jira/browse/KNOX-2211
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.4.0
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
>
> Currently, the AliasBasedTokenStateService persists all token state in the gateway's central credential store rather than a topology-specific credential store. This was done because the providers that also employ the TokenStateService do not know from which topology a token was produced, and therefore have not enough information to correctly specify a topology credential store.
> It may be possible to include this missing topology information in the tokens themselves, such that the providers (or the TokenStateService) would be able to correctly specify the topology credential store.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)