Posted to dev@knox.apache.org by "Sandeep More (Jira)" <ji...@apache.org> on 2020/06/18 17:13:00 UTC

[jira] [Updated] (KNOX-2393) Add a configurable list of paths that SSOCookieProvider can ignore

     [ https://issues.apache.org/jira/browse/KNOX-2393?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sandeep More updated KNOX-2393:
-------------------------------
    Description: 
There are some cases where the browser sends automatic GET requests [1] (e.g. favicon.ico) that can interfere with the KnoxSSO flow depending on the timing of the requests and cause the SSO page to land on the favicon icon.

This could be achieved by adding a list of paths for SSO to ignore using a property {{gateway.knox.sso.unauthenticated.path.list}}

e.g.
{code:xml}
<provider>
    <role>federation</role>
    <name>SSOCookieProvider</name>
    <enabled>true</enabled>
    <param>
        <name>sso.authentication.provider.url</name>
        <value>/gateway/knoxsso/api/v1/websso</value>
    </param>
    <param>
        <name>gateway.knox.sso.unauthenticated.path.list</name>
        <value>favicon.ico;test;unsafepath</value>
    </param>
</provider>
{code}
[1] [https://bugs.chromium.org/p/chromium/issues/detail?id=39402]

  was:
There are some cases where the browser sends automatic GET requests [1] (e.g. favicon.ico) that can interfere with the KnoxSSO flow depending on the timing of the requests and cause the SSO page to land on the favicon icon.

This could be achieved by adding a list of paths for SSO to ignore using a property {{gateway.knox.sso.unauthenticated.path.list}}
{code:xml}
<provider>
    <role>federation</role>
    <name>SSOCookieProvider</name>
    <enabled>true</enabled>
    <param>
        <name>sso.authentication.provider.url</name>
        <value>/gateway/knoxsso/api/v1/websso</value>
    </param>
    <param>
        <name>gateway.knox.sso.unauthenticated.path.list</name>
        <value>favicon.ico;test;unsafepath</value>
    </param>
</provider>
{code}
[1] [https://bugs.chromium.org/p/chromium/issues/detail?id=39402]


> Add a configurable list of paths that SSOCookieProvider can ignore
> ------------------------------------------------------------------
>
>                 Key: KNOX-2393
>                 URL: https://issues.apache.org/jira/browse/KNOX-2393
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxSSO
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 1.4.0
>
>
> There are some cases where the browser sends automatic GET requests [1] (e.g. favicon.ico) that can interfere with the KnoxSSO flow depending on the timing of the requests and cause the SSO page to land on the favicon icon.
> This could be achieved by adding a list of paths for SSO to ignore using a property {{gateway.knox.sso.unauthenticated.path.list}}
> e.g.
> {code:xml}
> <provider>
>     <role>federation</role>
>     <name>SSOCookieProvider</name>
>     <enabled>true</enabled>
>     <param>
>         <name>sso.authentication.provider.url</name>
>         <value>/gateway/knoxsso/api/v1/websso</value>
>     </param>
>     <param>
>         <name>gateway.knox.sso.unauthenticated.path.list</name>
>         <value>favicon.ico;test;unsafepath</value>
>     </param>
> </provider>
> {code}
> [1] [https://bugs.chromium.org/p/chromium/issues/detail?id=39402]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
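
An added example, not part of the original message and not Knox code: a review script that pulls the `gateway.knox.sso.unauthenticated.path.list` entries out of an SSOCookieProvider block and separates the browser-initiated fetch the issue names from entries that deserve a second look before deployment. The `EXPECTED` allowlist, the function names and the review policy are assumptions of this example.

```python
import xml.etree.ElementTree as ET

PARAM = "gateway.knox.sso.unauthenticated.path.list"
# Assumption of this example: only browser-initiated static fetches
# (the favicon.ico case from the issue) are expected on the list.
EXPECTED = {"favicon.ico"}

# Constructed sample: the provider block from the issue description.
SAMPLE = """
<provider>
    <role>federation</role>
    <name>SSOCookieProvider</name>
    <enabled>true</enabled>
    <param>
        <name>sso.authentication.provider.url</name>
        <value>/gateway/knoxsso/api/v1/websso</value>
    </param>
    <param>
        <name>gateway.knox.sso.unauthenticated.path.list</name>
        <value>favicon.ico;test;unsafepath</value>
    </param>
</provider>
"""

def unauthenticated_paths(xml_text):
    """Return the ';'-separated entries set on every SSOCookieProvider found."""
    root = ET.fromstring(xml_text)
    entries = []
    # iter() includes the root itself, so a bare <provider> or a full topology both work.
    for prov in root.iter("provider"):
        if (prov.findtext("name") or "").strip() != "SSOCookieProvider":
            continue
        for param in prov.iter("param"):
            if (param.findtext("name") or "").strip() == PARAM:
                value = param.findtext("value") or ""
                entries += [e.strip() for e in value.split(";") if e.strip()]
    return entries

def audit(xml_text):
    """Split configured entries into (expected, needs_review) lists."""
    entries = unauthenticated_paths(xml_text)
    expected = [e for e in entries if e in EXPECTED]
    needs_review = [e for e in entries if e not in EXPECTED]
    return expected, needs_review

if __name__ == "__main__":
    expected, needs_review = audit(SAMPLE)
    print("expected:", expected)
    print("review before deploying:", needs_review)
```
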