You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Larry McCay (Jira)" <ji...@apache.org> on 2021/10/09 17:23:00 UTC

[jira] [Resolved] (KNOX-1920) KnoxSSOut for SSO through Proxy with SSOCookieProvider

     [ https://issues.apache.org/jira/browse/KNOX-1920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay resolved KNOX-1920.
-------------------------------
    Resolution: Fixed

> KnoxSSOut for SSO through Proxy with SSOCookieProvider
> ------------------------------------------------------
>
>                 Key: KNOX-1920
>                 URL: https://issues.apache.org/jira/browse/KNOX-1920
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO
>            Reporter: Larry McCay
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.6.0
>
>
> We need to investigate the possibility of extending rewrite rules to capture the logout click response and remove the knoxsso cookie by setting it to empty.
> I imagine this will require each service to indicate the pattern to look for in a redirect Location header or some other pattern specific to the application that will trigger a rewrite handler that invalidates the hadoop-jwt or otherwise configured cookie name.
> This will allow for applications that are leveraging their trusted proxy support and our SSOCookieProvider to be able to logout of SSO as well as their own sessions before redirect - as long as any upstream IDP cookies have been removed or none exist. Our out of the box Form based Provider will work nicely this way.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)