I'd like to contribute.

[Christopher Jackson <ja...@gmail.com>]

Hi Guys,

I’d like to work on KNOX-571, can someone assign it to me? My approach will be as the reporter suggested: creating an additional provider with the necessary filter to expire the session. I will only create a provider for the default (shiro auth) for now.

Regards,
Christopher Jackson

Re: I'd like to contribute.

[larry mccay <lm...@apache.org>]

Hi Christopher -

Great to hear that you are interested in working on this!

I am reviewing the proposal again and will comment more once I have a
handle on it again.

My first thought however is that it should not be limited to Shiro.
There is a pretty general need for logout that can probably be leveraged
across authentication/federation providers.

I'm thinking that we need a new Knox REST API for logout.
It would be a jersey based service - similar to the knoxsso module.

It would also be configurable to take a list of header names to remove upon
invocation.

We would need to determine the authentication/federation provider
requirements in order to actually call logout - if any.
If they are different than that of the topology that hosts the Knox UI
service configuration than it may need to be in its own topology - again
like knoxsso.

We will need to drill into that a bit.

What are your thoughts?

thanks,

--larry


On Mon, Nov 23, 2015 at 9:52 AM, Christopher Jackson <
jackson.christopher.lee@gmail.com> wrote:

> Hi Guys,
>
> I’d like to work on KNOX-571, can someone assign it to me? My approach
> will be as the reporter suggested: creating an additional provider with the
> necessary filter to expire the session. I will only create a provider for
> the default (shiro auth) for now.
>
> Regards,
> Christopher Jackson