You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2020/06/09 08:32:00 UTC
[jira] [Updated] (KNOX-2383) Knox token is expired upon immediate
token request after creation
[ https://issues.apache.org/jira/browse/KNOX-2383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar updated KNOX-2383:
--------------------------------
Description:
*Steps to reproduce*
# have a topology with JWT federation provider (let's call it {{tokenbased)}} and add a valid HDFS UI service in there (the service itself does not really matter, it's just the fastest way in my environment to reproduce the issue)
# get a Knox delegation token using the {{KNOXTOKEN}} service. It's important that you make sure {{knox.token.exp.server-managed}} is set to {{true}} for the {{KNOXTOKEN}} service.
# right after the previous call, try to hit the HDFS UI via the previously created {{tokenbased}} topology
*Current results*
The last action fails as the JWT provider receives the following error:
{code:java}
HTTP ERROR 400 Bad request: token has expired {code}
*Expected results*
HDFS UI should have been displayed w/o any issue.
was:
*Steps to reproduce*
# have a topology with JWT federation provider (let's call it {{tokenbased)}} and add a valid HDFS UI service in there (the service itself does not really matter, it's just the fastest way in my environment to reproduce the issue)
# get a Knox delegation token using the {{KNOXTOKEN}} service. It's important that you make sure {{knox.token.exp.server-managed}} is set to {{true}} for the {{KNOXTOKEN }}service.
# right after the previous call, try to hit the HDFS UI via the previously created {{tokenbased}} topology
*Current results*
The last action fails as the JWT provider receives the following error:
{code:java}
HTTP ERROR 400 Bad request: token has expired {code}
*Expected results*
HDFS UI should have been displayed w/o any issue.
> Knox token is expired upon immediate token request after creation
> -----------------------------------------------------------------
>
> Key: KNOX-2383
> URL: https://issues.apache.org/jira/browse/KNOX-2383
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.5.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Labels: TokenAuth, token
> Fix For: 1.5.0
>
>
> *Steps to reproduce*
> # have a topology with JWT federation provider (let's call it {{tokenbased)}} and add a valid HDFS UI service in there (the service itself does not really matter, it's just the fastest way in my environment to reproduce the issue)
> # get a Knox delegation token using the {{KNOXTOKEN}} service. It's important that you make sure {{knox.token.exp.server-managed}} is set to {{true}} for the {{KNOXTOKEN}} service.
> # right after the previous call, try to hit the HDFS UI via the previously created {{tokenbased}} topology
> *Current results*
> The last action fails as the JWT provider receives the following error:
> {code:java}
> HTTP ERROR 400 Bad request: token has expired {code}
> *Expected results*
> HDFS UI should have been displayed w/o any issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)