You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by Christopher Jackson <ja...@gmail.com> on 2015/11/23 15:52:22 UTC
I'd like to contribute.
Hi Guys,
I’d like to work on KNOX-571, can someone assign it to me? My approach will be as the reporter suggested: creating an additional provider with the necessary filter to expire the session. I will only create a provider for the default (shiro auth) for now.
Regards,
Christopher Jackson
Re: I'd like to contribute.
Posted by larry mccay <lm...@apache.org>.
Hi Christopher -
Great to hear that you are interested in working on this!
I am reviewing the proposal again and will comment more once I have a
handle on it again.
My first thought however is that it should not be limited to Shiro.
There is a pretty general need for logout that can probably be leveraged
across authentication/federation providers.
I'm thinking that we need a new Knox REST API for logout.
It would be a jersey based service - similar to the knoxsso module.
It would also be configurable to take a list of header names to remove upon
invocation.
We would need to determine the authentication/federation provider
requirements in order to actually call logout - if any.
If they are different than that of the topology that hosts the Knox UI
service configuration than it may need to be in its own topology - again
like knoxsso.
We will need to drill into that a bit.
What are your thoughts?
thanks,
--larry
On Mon, Nov 23, 2015 at 9:52 AM, Christopher Jackson <
jackson.christopher.lee@gmail.com> wrote:
> Hi Guys,
>
> I’d like to work on KNOX-571, can someone assign it to me? My approach
> will be as the reporter suggested: creating an additional provider with the
> necessary filter to expire the session. I will only create a provider for
> the default (shiro auth) for now.
>
> Regards,
> Christopher Jackson