Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
0.9.0
-
None
-
None
Description
Currently the algorithem by which Knox selects a provider when one one is not explicitly identified either by the deployment contributor or a topology is essentially random.
1. This frequently leads to confusions when runtime failures occur because an unexpected identity-assertion provider is selected. You can see the results of this in that we have been forced to explicitly identify the "Default" identity-assertion provider in all of our "out of the box" topology files.
2. While implementing KNOX-670 this also became inconvenient. In the simplest of cases, "stock" applications may be used and no "policies" may be required. That is no <gateway> section would be required in the topology file and no special meta-data would need to be added to the application. Currently you have to explicitly specify the "Default" identity-assertion and the "Anonymous" authentication providers otherwise unexpected results occur.
Attachments
Issue Links
- is related to
-
-
- Closed
-