You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Larry McCay (Jira)" <ji...@apache.org> on 2019/11/27 01:26:00 UTC

[jira] [Updated] (KNOX-1920) KnoxSSOut for SSO through Proxy with SSOCookieProvider

     [ https://issues.apache.org/jira/browse/KNOX-1920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Larry McCay updated KNOX-1920:
------------------------------
    Fix Version/s:     (was: 1.4.0)
                   1.5.0

> KnoxSSOut for SSO through Proxy with SSOCookieProvider
> ------------------------------------------------------
>
>                 Key: KNOX-1920
>                 URL: https://issues.apache.org/jira/browse/KNOX-1920
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO
>            Reporter: Larry McCay
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.5.0
>
>
> We need to investigate the possibility of extending rewrite rules to capture the logout click response and remove the knoxsso cookie by setting it to empty.
> I imagine this will require each service to indicate the pattern to look for in a redirect Location header or some other pattern specific to the application that will trigger a rewrite handler that invalidates the hadoop-jwt or otherwise configured cookie name.
> This will allow for applications that are leveraging their trusted proxy support and our SSOCookieProvider to be able to logout of SSO as well as their own sessions before redirect - as long as any upstream IDP cookies have been removed or none exist. Our out of the box Form based Provider will work nicely this way.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)