Description
The following needs to be implemented in the scope of this JIRA:
- we need 4 new Gateway-level configurations:
- privileged user list (defaults to an empty collection)
- non-privileged user list (defaults to an empty collection)
- session limit for privileged users (defaults to 3)
- session limit for non-privileged users (defaults to 2)
- if a session limit for any of the groups is set to a negative number, that means the users in that group are allowed to have an unlimited number of sessions
- In addition to the new configs, a verifier has to be implemented that enforces the following business logic: if a user is listed in the above-introduced privileged/non-privileged collection AND is about to pass a configured session limit the verification should fail. The verification should succeed if the given user is declared neither a privileged nor a non-privileged user.
The new verifier implementation may be placed in the gateway-spi-common project for now.
Attachments
Issue Links
- is depended upon by
-
KNOX-2778 Enforce concurrent session limit in KnoxSSO
-
- Resolved
-
- links to
