Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/06/18 17:28:00 UTC

[jira] [Work logged] (KNOX-2393) Add a configurable list of paths that SSOCookieProvider can ignore

     [ https://issues.apache.org/jira/browse/KNOX-2393?focusedWorklogId=447947&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-447947 ]

ASF GitHub Bot logged work on KNOX-2393:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Jun/20 17:27
            Start Date: 18/Jun/20 17:27
    Worklog Time Spent: 10m 
      Work Description: moresandeep opened a new pull request #349:
URL: https://github.com/apache/knox/pull/349


   This patch was tested on local cluster
   ## What changes were proposed in this pull request?
   This change proposes adding a configurable parameter that adds a list of path elements to be ignored by SSOCookieProvider. The default set includes favicon.ico.
   This is because browsers will send unsolicited requests to get favicon.ico, which can break the SSO experience, especially when the default topology feature is used when content is served from the root.
   
   ## How was this patch tested?
   This patch was tested on a local cluster.
   
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 447947)
    Remaining Estimate: 0h
            Time Spent: 10m

> Add a configurable list of paths that SSOCookieProvider can ignore
> ------------------------------------------------------------------
>
>                 Key: KNOX-2393
>                 URL: https://issues.apache.org/jira/browse/KNOX-2393
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxSSO
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 1.4.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> There are some cases where the browser sends automatic GET requests [1] (e.g. favicon.ico) that can interfere with the KnoxSSO flow depending on the timing of the requests and cause the SSO page to land on the favicon icon.
> This could be achieved by adding a list of paths for SSO to ignore using a property {{gateway.knox.sso.unauthenticated.path.list}}
> e.g.
> {code:xml}
>    <provider>
>        <role>federation</role>
>        <name>SSOCookieProvider</name>
>        <enabled>true</enabled>
>        <param>
>            <name>sso.authentication.provider.url</name>
>            <value>/gateway/knoxsso/api/v1/websso</value>
>        </param>
>        <param>
>            <name>gateway.knox.sso.unauthenticated.path.list</name>
>            <value>favicon.ico;test;unsafepath</value>
>        </param>
>    </provider>
>  {code}
> [1] [https://bugs.chromium.org/p/chromium/issues/detail?id=39402]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
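
Every entry in gateway.knox.sso.unauthenticated.path.list is a path element that SSOCookieProvider will ignore, so the list is worth reviewing like any other authentication exemption. The following Python audit is an added example, not code from the Knox project or the pull request; the topology wrapper around the provider block, the APPROVED set and the function names are assumptions, and the sample provider block is the one quoted in the issue.

```python
import xml.etree.ElementTree as ET

PARAM = "gateway.knox.sso.unauthenticated.path.list"
# Assumption: local policy approves only the default entry named in the PR.
APPROVED = {"favicon.ico"}

# Constructed sample: the provider block from the issue inside a topology.
SAMPLE_TOPOLOGY = """<topology>
  <gateway>
    <provider>
      <role>federation</role>
      <name>SSOCookieProvider</name>
      <enabled>true</enabled>
      <param>
        <name>sso.authentication.provider.url</name>
        <value>/gateway/knoxsso/api/v1/websso</value>
      </param>
      <param>
        <name>gateway.knox.sso.unauthenticated.path.list</name>
        <value>favicon.ico;test;unsafepath</value>
      </param>
    </provider>
  </gateway>
</topology>"""

def unauthenticated_paths(topology_xml):
    """Return ignore-list entries of every enabled SSOCookieProvider."""
    entries = []
    for provider in ET.fromstring(topology_xml).iter("provider"):
        if (provider.findtext("name") or "").strip() != "SSOCookieProvider":
            continue
        if (provider.findtext("enabled") or "").strip().lower() != "true":
            continue  # a disabled provider does not apply the list
        for param in provider.iter("param"):
            if (param.findtext("name") or "").strip() == PARAM:
                value = param.findtext("value") or ""
                # The property is a semicolon-separated list.
                entries += [p.strip() for p in value.split(";") if p.strip()]
    return entries

def audit(topology_xml, approved=APPROVED):
    """Return entries that are exempt from SSO but not on the approved list."""
    return [e for e in unauthenticated_paths(topology_xml) if e not in approved]

if __name__ == "__main__":
    for entry in audit(SAMPLE_TOPOLOGY):
        print("unapproved unauthenticated path entry:", entry)
```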