Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1920

KnoxSSOut for SSO through Proxy with SSOCookieProvider

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.6.0
    • KnoxSSO
    • None

    Description

      We need to investigate the possibility of extending rewrite rules to capture the logout click response and remove the knoxsso cookie by setting it to empty.

      I imagine this will require each service to indicate the pattern to look for in a redirect Location header or some other pattern specific to the application that will trigger a rewrite handler that invalidates the hadoop-jwt or otherwise configured cookie name.

      This will allow for applications that are leveraging their trusted proxy support and our SSOCookieProvider to be able to logout of SSO as well as their own sessions before redirect - as long as any upstream IDP cookies have been removed or none exist. Our out of the box Form based Provider will work nicely this way.

      Attachments

        Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. KNOX-2625 Enhance KnoxSSO to Support Session Timeout and Logout

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link Knox SSO KIP

          Activity

            People

              smolnar Sandor Molnar
              lmccay Larry McCay
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: