You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2018/07/06 20:19:41 UTC
svn commit: r1835278 - in /knox: site/books/knox-1-1-0/user-guide.html
site/index.html site/issue-tracking.html site/license.html
site/mail-lists.html site/project-info.html site/team-list.html
trunk/books/1.1.0/config_knox_sso.md
Author: more
Date: Fri Jul 6 20:19:41 2018
New Revision: 1835278
URL: http://svn.apache.org/viewvc?rev=1835278&view=rev
Log:
KNOX-1378 - Document knoxsso.expected.params option for KnoxSSO
Modified:
knox/site/books/knox-1-1-0/user-guide.html
knox/site/index.html
knox/site/issue-tracking.html
knox/site/license.html
knox/site/mail-lists.html
knox/site/project-info.html
knox/site/team-list.html
knox/trunk/books/1.1.0/config_knox_sso.md
Modified: knox/site/books/knox-1-1-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/user-guide.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/books/knox-1-1-0/user-guide.html (original)
+++ knox/site/books/knox-1-1-0/user-guide.html Fri Jul 6 20:19:41 2018
@@ -4028,6 +4028,11 @@ APACHE_HOME/bin/apachectl -k stop
<td>A semicolon-delimited list of regular expressions. The incoming originalUrl must match one of the expressions in order for KnoxSSO to redirect to it after authentication. Note that cookie use is still constrained to redirect destinations in the same domain as the KnoxSSO service - regardless of the expressions specified here. </td>
<td>The value of the gateway-site property named <em>gateway.dispatch.whitelist</em>. If that is not defined, the default allows only relative paths, localhost or destinations in the same domain as the Knox host (with or without SSL). This may need to be opened up for production use and actual participating applications.</td>
</tr>
+ <tr>
+ <td>knoxsso.expected.params </td>
+ <td>Optional: Comma separated list of query parameters that are expected and consumed by KnoxSSO and will not be passed on to originalUrl </td>
+ <td>empty</td>
+ </tr>
</tbody>
</table><h3><a id="Participating+Application+Configuration">Participating Application Configuration</a> <a href="#Participating+Application+Configuration"><img src="markbook-section-link.png"/></a></h3><h4><a id="Hadoop+Configuration+Example">Hadoop Configuration Example</a> <a href="#Hadoop+Configuration+Example"><img src="markbook-section-link.png"/></a></h4><p>The following is used as the KnoxSSO configuration in the Hadoop JWTRedirectAuthenticationHandler implementation. Any participating application will need similar configuration. Since JWTRedirectAuthenticationHandler extends the AltKerberosAuthenticationHandler, the typical Kerberos configuration parameters for authentication are also required.</p>
<pre><code><property>
Modified: knox/site/index.html
URL: http://svn.apache.org/viewvc/knox/site/index.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Announcing Apache Knox 1.0.0!</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>
</ul>
</div>
Modified: knox/site/issue-tracking.html
URL: http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/issue-tracking.html (original)
+++ knox/site/issue-tracking.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Issue Tracking</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>
</ul>
</div>
Modified: knox/site/license.html
URL: http://svn.apache.org/viewvc/knox/site/license.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/license.html (original)
+++ knox/site/license.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project License</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>
</ul>
</div>
Modified: knox/site/mail-lists.html
URL: http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/mail-lists.html (original)
+++ knox/site/mail-lists.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Mailing Lists</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>
</ul>
</div>
Modified: knox/site/project-info.html
URL: http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Information</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>
</ul>
</div>
Modified: knox/site/team-list.html
URL: http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/team-list.html (original)
+++ knox/site/team-list.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Team list</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>
</ul>
</div>
Modified: knox/trunk/books/1.1.0/config_knox_sso.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/1.1.0/config_knox_sso.md?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/trunk/books/1.1.0/config_knox_sso.md (original)
+++ knox/trunk/books/1.1.0/config_knox_sso.md Fri Jul 6 20:19:41 2018
@@ -100,6 +100,7 @@ knoxsso.cookie.domain.suffix | optio
knoxsso.token.ttl | This indicates the lifespan of the token within the cookie. Once it expires a new cookie must be acquired from KnoxSSO. This is in milliseconds. The 36000000 in the topology above gives you 10 hrs. | 30000 That is 30 seconds.
knoxsso.token.audiences | This is a comma separated list of audiences to add to the JWT token. This is used to ensure that a token received by a participating application knows that the token was intended for use with that application. It is optional. In the event that an application has expected audiences and they are not present the token must be rejected. In the event where the token has audiences and the application has none expected then the token is accepted.| empty
knoxsso.redirect.whitelist.regex | A semicolon-delimited list of regular expressions. The incoming originalUrl must match one of the expressions in order for KnoxSSO to redirect to it after authentication. Note that cookie use is still constrained to redirect destinations in the same domain as the KnoxSSO service - regardless of the expressions specified here. | The value of the gateway-site property named *gateway.dispatch.whitelist*. If that is not defined, the default allows only relative paths, localhost or destinations in the same domain as the Knox host (with or without SSL). This may need to be opened up for production use and actual participating applications.
+knoxsso.expected.params | Optional: Comma separated list of query parameters that are expected and consumed by KnoxSSO and will not be passed on to originalUrl | empty
### Participating Application Configuration