You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Mark Caldwell (JIRA)" <ji...@apache.org> on 2016/12/09 20:19:58 UTC

[jira] [Updated] (KNOX-796) Ability to set Cookie Name in KnoxSSO

     [ https://issues.apache.org/jira/browse/KNOX-796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mark Caldwell updated KNOX-796:
-------------------------------
    Description: 
We have the ability to set the sso.cookie.name in SSOCookieFederationFilter (which is part of the gateway/provider/federation) but we do not have the ability to override the sso.cookie.name in WebSSOResource (which is part of gateway/service/knoxsso)

It would be nice to add the ability to override the cookie name so we can use specify custom cookie names and also to use different cookie for different services.

  private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";

Code from SSOCookieFederation
    // configured cookieName
    cookieName = filterConfig.getInitParameter(SSO_COOKIE_NAME);
    if (cookieName == null) {
      cookieName = DEFAULT_SSO_COOKIE_NAME;
    }


Code from WebSSOResource: (where cookie is hardcoded)
  private void addJWTHadoopCookie(String original, JWT token) {
    log.addingJWTCookie(token.toString());
    Cookie c = new Cookie(JWT_COOKIE_NAME,  token.toString());


  was:
We have the ability to set eh sso.cookie.name in SSOCookieFederationFilter (which is part of the gateway/provider/federation) but we do not have the ability to override the sso.cookie.name in WebSSOResource (which is part of gateway/service/knoxsso)

It would be nice to add the ability to override the cookie name so we can use specify custom cookie names and also to use different cookie for different services.

  private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";

Code from SSOCookieFederation
    // configured cookieName
    cookieName = filterConfig.getInitParameter(SSO_COOKIE_NAME);
    if (cookieName == null) {
      cookieName = DEFAULT_SSO_COOKIE_NAME;
    }


Code from WebSSOResource: (where cookie is hardcoded)
  private void addJWTHadoopCookie(String original, JWT token) {
    log.addingJWTCookie(token.toString());
    Cookie c = new Cookie(JWT_COOKIE_NAME,  token.toString());



> Ability to set Cookie Name in KnoxSSO
> -------------------------------------
>
>                 Key: KNOX-796
>                 URL: https://issues.apache.org/jira/browse/KNOX-796
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 0.10.0
>         Environment: linux
>            Reporter: Mark Caldwell
>            Priority: Minor
>              Labels: easyfix, security
>
> We have the ability to set the sso.cookie.name in SSOCookieFederationFilter (which is part of the gateway/provider/federation) but we do not have the ability to override the sso.cookie.name in WebSSOResource (which is part of gateway/service/knoxsso)
> It would be nice to add the ability to override the cookie name so we can use specify custom cookie names and also to use different cookie for different services.
>   private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
> Code from SSOCookieFederation
>     // configured cookieName
>     cookieName = filterConfig.getInitParameter(SSO_COOKIE_NAME);
>     if (cookieName == null) {
>       cookieName = DEFAULT_SSO_COOKIE_NAME;
>     }
> Code from WebSSOResource: (where cookie is hardcoded)
>   private void addJWTHadoopCookie(String original, JWT token) {
>     log.addingJWTCookie(token.toString());
>     Cookie c = new Cookie(JWT_COOKIE_NAME,  token.toString());



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)