Author: more
Date: Fri Jul 6 20:19:41 2018
New Revision: 1835278
URL: http://svn.apache.org/viewvc?rev=1835278&view=rev
Log:
KNOX-1378 - Document knoxsso.expected.params option for KnoxSSO
Modified:
knox/site/books/knox-1-1-0/user-guide.html
knox/site/index.html
knox/site/issue-tracking.html
knox/site/license.html
knox/site/mail-lists.html
knox/site/project-info.html
knox/site/team-list.html
knox/trunk/books/1.1.0/config_knox_sso.md
Modified: knox/site/books/knox-1-1-0/user-guide.html
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/user-guide.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/books/knox-1-1-0/user-guide.html (original)
+++ knox/site/books/knox-1-1-0/user-guide.html Fri Jul 6 20:19:41 2018
@@ -4028,6 +4028,11 @@ APACHE_HOME/bin/apachectl -k stop
<td>A semicolon-delimited list of regular expressions. The incoming
originalUrl must match one of the expressions in order for KnoxSSO to redirect
to it after authentication. Note that cookie use is still constrained to
redirect destinations in the same domain as the KnoxSSO service - regardless of
the expressions specified here. </td>
<td>The value of the gateway-site property named
<em>gateway.dispatch.whitelist</em>. If that is not defined, the default allows
only relative paths, localhost or destinations in the same domain as the Knox
host (with or without SSL). This may need to be opened up for production use
and actual participating applications.</td>
</tr>
+ <tr>
+ <td>knoxsso.expected.params </td>
+ <td>Optional: Comma separated list of query parameters that are expected
and consumed by KnoxSSO and will not be passed on to originalUrl </td>
+ <td>empty</td>
+ </tr>
</tbody>
</table><h3><a id="Participating+Application+Configuration">Participating
Application Configuration</a> <a
href="#Participating+Application+Configuration"><img
src="markbook-section-link.png"/></a></h3><h4><a
id="Hadoop+Configuration+Example">Hadoop Configuration Example</a> <a
href="#Hadoop+Configuration+Example"><img
src="markbook-section-link.png"/></a></h4><p>The following is used as the
KnoxSSO configuration in the Hadoop JWTRedirectAuthenticationHandler
implementation. Any participating application will need similar configuration.
Since JWTRedirectAuthenticationHandler extends the
AltKerberosAuthenticationHandler, the typical Kerberos configuration parameters
for authentication are also required.</p>
<pre><code><property>
Modified: knox/site/index.html
URL:
http://svn.apache.org/viewvc/knox/site/index.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Announcing Apache Knox 1.0.0!</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-07-06</li>
</ul>
</div>
Modified: knox/site/issue-tracking.html
URL:
http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/issue-tracking.html (original)
+++ knox/site/issue-tracking.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Issue Tracking</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-07-06</li>
</ul>
</div>
Modified: knox/site/license.html
URL:
http://svn.apache.org/viewvc/knox/site/license.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/license.html (original)
+++ knox/site/license.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project License</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-07-06</li>
</ul>
</div>
Modified: knox/site/mail-lists.html
URL:
http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/mail-lists.html (original)
+++ knox/site/mail-lists.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Mailing Lists</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-07-06</li>
</ul>
</div>
Modified: knox/site/project-info.html
URL:
http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Information</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-07-06</li>
</ul>
</div>
Modified: knox/site/team-list.html
URL:
http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/team-list.html (original)
+++ knox/site/team-list.html Fri Jul 6 20:19:41 2018
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180703" />
+ <meta name="Date-Revision-yyyymmdd" content="20180706" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Team list</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
- <li id="publishDate" class="pull-right">Last Published:
2018-07-03</li>
+ <li id="publishDate" class="pull-right">Last Published:
2018-07-06</li>
</ul>
</div>
Modified: knox/trunk/books/1.1.0/config_knox_sso.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/1.1.0/config_knox_sso.md?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/trunk/books/1.1.0/config_knox_sso.md (original)
+++ knox/trunk/books/1.1.0/config_knox_sso.md Fri Jul 6 20:19:41 2018
@@ -100,6 +100,7 @@ knoxsso.cookie.domain.suffix | optio
knoxsso.token.ttl | This indicates the lifespan of the token
within the cookie. Once it expires a new cookie must be acquired from KnoxSSO.
This is in milliseconds. The 36000000 in the topology above gives you 10 hrs. |
30000 That is 30 seconds.
knoxsso.token.audiences | This is a comma separated list of audiences
to add to the JWT token. This is used to ensure that a token received by a
participating application knows that the token was intended for use with that
application. It is optional. In the event that an application has expected
audiences and they are not present the token must be rejected. In the event
where the token has audiences and the application has none expected then the
token is accepted.| empty
knoxsso.redirect.whitelist.regex | A semicolon-delimited list of regular
expressions. The incoming originalUrl must match one of the expressions in
order for KnoxSSO to redirect to it after authentication. Note that cookie use
is still constrained to redirect destinations in the same domain as the KnoxSSO
service - regardless of the expressions specified here. | The value of the
gateway-site property named *gateway.dispatch.whitelist*. If that is not
defined, the default allows only relative paths, localhost or destinations in
the same domain as the Knox host (with or without SSL). This may need to be
opened up for production use and actual participating applications.
+knoxsso.expected.params | Optional: Comma separated list of query
parameters that are expected and consumed by KnoxSSO and will not be passed on
to originalUrl | empty
### Participating Application Configuration
