Posted to issues@ambari.apache.org by "Sean Roberts (JIRA)" <ji...@apache.org> on 2018/02/27 16:30:00 UTC

[jira] [Updated] (AMBARI-23095) knoxsso.redirect.whitelist.regex should not require a port number

     [ https://issues.apache.org/jira/browse/AMBARI-23095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean Roberts updated AMBARI-23095:
----------------------------------
    Description: 
The default 'knoxsso.redirect.whitelist.regex' is set to require a port number meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443:

https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110

{code}
^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$
{code}

Proposal is to make the port optional and validate that anything after the host or port starts with /.

{code}
^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$
{code}


  was:
The default 'knoxsso.redirect.whitelist.regex' is set to require a port number meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443:

https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110

{code}
^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$
{code}

Proposal is to make the port optional and validate that anything after the host or port starts with /.



> knoxsso.redirect.whitelist.regex should not require a port number
> -----------------------------------------------------------------
>
>                 Key: AMBARI-23095
>                 URL: https://issues.apache.org/jira/browse/AMBARI-23095
>             Project: Ambari
>          Issue Type: Bug
>          Components: stacks
>    Affects Versions: 2.5.0, trunk, 2.6.2
>            Reporter: Sean Roberts
>            Priority: Major
>              Labels: knox
>
> The default 'knoxsso.redirect.whitelist.regex' is set to require a port number meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443:
> https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110
> {code}
> ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$
> {code}
> Proposal is to make the port optional and validate that anything after the host or port starts with /.
> {code}
> ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
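
The two patterns from the description, run against constructed redirect targets. This is an added example, not part of the JIRA issue or of Ambari/Knox code. It assumes Python's `re` treats these patterns the same way as the engine that evaluates the whitelist; the sample URLs and function names are hypothetical.

```python
import re

# Patterns copied verbatim from the issue description.
OLD = r"^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$"
NEW = r"^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$"

# Constructed redirect targets (not taken from the issue).
SAMPLES = [
    "https://localhost/gateway/knoxsso",        # default HTTPS port, no ":443"
    "http://127.0.0.1",                         # default HTTP port, no path
    "https://localhost:8443/gateway/knoxsso",   # explicit port plus path
    "http://localhost:8080",                    # explicit port, no path
    "http://localhost:8080.example.invalid/x",  # text after the port not starting with "/"
    "https://ambari.example.invalid:8080/",     # host outside the whitelist
]


def allowed(pattern, url):
    """True when the whole URL matches the whitelist pattern."""
    return re.fullmatch(pattern, url) is not None


def compare(urls=SAMPLES):
    """Return (url, allowed_by_old, allowed_by_new) for each URL."""
    return [(u, allowed(OLD, u), allowed(NEW, u)) for u in urls]


def newly_accepted(urls=SAMPLES):
    """URLs the current default rejects but the proposal accepts."""
    return [u for u, old, new in compare(urls) if new and not old]


def newly_rejected(urls=SAMPLES):
    """URLs the current default accepts but the proposal rejects."""
    return [u for u, old, new in compare(urls) if old and not new]


if __name__ == "__main__":
    for url, old, new in compare():
        print(f"old={old!s:5} new={new!s:5} {url}")
```

The old pattern only checks for one digit after the colon and then accepts anything, so the fifth sample passes it; the proposed pattern rejects that sample because what follows the port must be `/` or the end of the string.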