Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2015/07/23 03:27:04 UTC

[jira] [Created] (KNOX-573) Make SecureOnly Configurable for SSO Cookie in WebSSO

Larry McCay created KNOX-573:
--------------------------------

             Summary: Make SecureOnly Configurable for SSO Cookie in WebSSO
                 Key: KNOX-573
                 URL: https://issues.apache.org/jira/browse/KNOX-573
             Project: Apache Knox
          Issue Type: Sub-task
          Components: Server
            Reporter: Larry McCay
            Assignee: Larry McCay
             Fix For: 0.7.0


Currently the cookie is always set as SecureOnly which requires the participating UIs to also have SSL enabled. This is the preferred mode and will remain the default configuration. This jira represents the ability to override that behavior explicitly for carefully considered and non-production use that would enable the cookie to be sent over unprotected channels.

It needs to be understood that this will allow for the cookie to be easily captured and replayed by a MIM.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
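
The default-on behaviour with an explicit override that this issue describes, sketched as an added example. It is not Apache Knox code: the property name, cookie name and token value are hypothetical, chosen only for illustration.

```java
import java.util.List;
import java.util.Map;

// Added illustration, not Apache Knox code.
public class SsoCookieSecureOnly {
    // Hypothetical property name; the issue does not name the setting.
    static final String SECURE_ONLY = "sso.cookie.secure.only";

    // Secure-only stays on unless the value is the literal "false";
    // a missing, empty or mistyped value falls back to the safe default.
    static boolean resolveSecureOnly(Map<String, String> params) {
        String raw = params.get(SECURE_ONLY);
        return raw == null || !raw.trim().equalsIgnoreCase("false");
    }

    static String buildSetCookie(String name, String value, boolean secureOnly) {
        StringBuilder header = new StringBuilder(name).append('=').append(value).append("; Path=/");
        if (secureOnly) {
            header.append("; Secure");
        }
        return header.toString();
    }

    // Browser rule: a cookie carrying the Secure attribute is attached only to https requests.
    static boolean sentOver(String scheme, String setCookie) {
        boolean secure = false;
        for (String attr : setCookie.split(";")) {
            secure |= attr.trim().equalsIgnoreCase("Secure");
        }
        return !secure || scheme.equalsIgnoreCase("https");
    }

    public static void main(String[] args) {
        // Constructed configurations: unset, explicit override, and a typo.
        List<Map<String, String>> configs = List.of(
            Map.<String, String>of(), Map.of(SECURE_ONLY, "false"), Map.of(SECURE_ONLY, "flase"));
        for (Map<String, String> cfg : configs) {
            String header = buildSetCookie("sso-cookie", "constructed-token", resolveSecureOnly(cfg));
            System.out.printf("%-35s Set-Cookie: %-45s http=%b https=%b%n",
                cfg, header, sentOver("http", header), sentOver("https", header));
        }
    }
}
```

Only the explicit `false` row produces a cookie that would travel over plain http; the unset and mistyped rows keep the `Secure` attribute.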