You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2019/07/10 20:54:00 UTC

[jira] [Created] (KNOX-1920) KnoxSSOut for SSO through Proxy with SSOCookieProvider

Larry McCay created KNOX-1920:
---------------------------------

             Summary: KnoxSSOut for SSO through Proxy with SSOCookieProvider
                 Key: KNOX-1920
                 URL: https://issues.apache.org/jira/browse/KNOX-1920
             Project: Apache Knox
          Issue Type: Improvement
          Components: KnoxSSO
            Reporter: Larry McCay
             Fix For: 1.4.0


We need to investigate the possibility of extending rewrite rules to capture the logout click response and remove the knoxsso cookie by setting it to empty.

I imagine this will require each service to indicate the pattern to look for in a redirect Location header or some other pattern specific to the application that will trigger a rewrite handler that invalidates the hadoop-jwt or otherwise configured cookie name.

This will allow for applications that are leveraging their trusted proxy support and our SSOCookieProvider to be able to logout of SSO as well as their own sessions before redirect - as long as any upstream IDP cookies have been removed or none exist. Our out of the box Form based Provider will work nicely this way.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)