Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2015/07/23 03:27:04 UTC
[jira] [Created] (KNOX-573) Make SecureOnly Configurable for SSO Cookie in WebSSO
Larry McCay created KNOX-573:
--------------------------------
Summary: Make SecureOnly Configurable for SSO Cookie in WebSSO
Key: KNOX-573
URL: https://issues.apache.org/jira/browse/KNOX-573
Project: Apache Knox
Issue Type: Sub-task
Components: Server
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 0.7.0
Currently, the cookie is always set as SecureOnly, which requires the participating UIs to also have SSL enabled. This is the preferred mode and will remain the default configuration. This JIRA represents the ability to override that behavior explicitly for carefully considered and non-production use that would enable the cookie to be sent over unprotected channels.
It needs to be understood that this will allow for the cookie to be easily captured and replayed by a MIM.
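The behavior requested in the issue above, sketched as an added example that is not Knox code and not part of the original message: secure-only defaults to on, an explicit override turns it off, and a small check flags SSO cookies issued without the Secure attribute. The cookie name `sso-token` and the key `sso.cookie.secure.only` are hypothetical placeholders, not names taken from the issue.

```python
from http.cookies import SimpleCookie

# Hypothetical names for illustration; neither comes from the issue text.
SSO_COOKIE = "sso-token"
SECURE_ONLY_KEY = "sso.cookie.secure.only"


def secure_only(config):
    """Secure-only stays enabled unless the config explicitly says 'false'."""
    return str(config.get(SECURE_ONLY_KEY, "true")).strip().lower() != "false"


def build_sso_cookie(token, config):
    """Return the Set-Cookie header value for the SSO cookie."""
    jar = SimpleCookie()
    jar[SSO_COOKIE] = token
    jar[SSO_COOKIE]["path"] = "/"
    jar[SSO_COOKIE]["httponly"] = True
    if secure_only(config):
        # Browser will only send the cookie over HTTPS.
        jar[SSO_COOKIE]["secure"] = True
    return jar[SSO_COOKIE].OutputString()


def audit_set_cookie(headers):
    """Return the SSO Set-Cookie values that lack the Secure attribute."""
    findings = []
    for value in headers:
        jar = SimpleCookie()
        jar.load(value)
        morsel = jar.get(SSO_COOKIE)
        if morsel is not None and not morsel["secure"]:
            findings.append(value)
    return findings


if __name__ == "__main__":
    # Constructed sample: default config, explicit override, unrelated cookie.
    observed = [
        build_sso_cookie("constructed.token.value", {}),
        build_sso_cookie("constructed.token.value", {SECURE_ONLY_KEY: "false"}),
        "JSESSIONID=abc123; Path=/; HttpOnly",
    ]
    for header in audit_set_cookie(observed):
        print("SSO cookie without Secure:", header)
```

Running the audit against response headers from a deployment shows whether the override was left enabled outside a test environment.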