Author: krisden
Date: Mon Feb  4 15:10:51 2019
New Revision: 1852928

URL: http://svn.apache.org/viewvc?rev=1852928&view=rev
Log:
KNOX-1560 - Documentation for KNOX-1549 - KnoxSSO should support signing keys 
per topology

Modified:
    knox/site/books/knox-1-2-0/user-guide.html
    knox/site/books/knox-1-3-0/user-guide.html
    knox/trunk/books/1.2.0/config_knox_sso.md
    knox/trunk/books/1.3.0/config_knox_sso.md

Modified: knox/site/books/knox-1-2-0/user-guide.html
URL: 
http://svn.apache.org/viewvc/knox/site/books/knox-1-2-0/user-guide.html?rev=1852928&r1=1852927&r2=1852928&view=diff
==============================================================================
--- knox/site/books/knox-1-2-0/user-guide.html (original)
+++ knox/site/books/knox-1-2-0/user-guide.html Mon Feb  4 15:10:51 2019
@@ -4917,6 +4917,21 @@ APACHE_HOME/bin/apachectl -k stop
       <td>Optional: Comma separated list of query parameters that are expected 
and consumed by KnoxSSO and will not be passed on to originalUrl </td>
       <td>empty</td>
     </tr>
+    <tr>
+      <td>knoxsso.signingkey.keystore.name </td>
+      <td>Optional: name of a JKS keystore in gateway security directory that 
has required signing key certificate </td>
+      <td>empty</td>
+    </tr>
+    <tr>
+      <td>knoxsso.signingkey.keystore.alias </td>
+      <td>Optional: alias of the signing key certificate in the 
<code>knoxsso.signingkey.keystore.name</code> keystore </td>
+      <td>empty</td>
+    </tr>
+    <tr>
+      <td>knoxsso.signingkey.keystore.passphrase.alias </td>
+      <td>Optional: passphrase alias for the signing key certificate </td>
+      <td>empty</td>
+    </tr>
   </tbody>
 </table>
 <h3><a id="Participating+Application+Configuration">Participating Application 
Configuration</a> <a href="#Participating+Application+Configuration"><img 
src="markbook-section-link.png"/></a></h3>
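
Review bot: the three added rows (knoxsso.signingkey.keystore.name, .alias and .passphrase.alias) all list a default of "empty", but none says which key signs the token when they are left unset, or whether setting one of them requires the other two. Suggest stating the fallback in the keystore.name row and saying in the two alias rows how they depend on it, so an operator can tell a partial configuration from a valid one.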

Modified: knox/site/books/knox-1-3-0/user-guide.html
URL: 
http://svn.apache.org/viewvc/knox/site/books/knox-1-3-0/user-guide.html?rev=1852928&r1=1852927&r2=1852928&view=diff
==============================================================================
--- knox/site/books/knox-1-3-0/user-guide.html (original)
+++ knox/site/books/knox-1-3-0/user-guide.html Mon Feb  4 15:10:51 2019
@@ -4989,6 +4989,21 @@ APACHE_HOME/bin/apachectl -k stop
       <td>Optional: Comma separated list of query parameters that are expected 
and consumed by KnoxSSO and will not be passed on to originalUrl </td>
       <td>empty</td>
     </tr>
+    <tr>
+      <td>knoxsso.signingkey.keystore.name </td>
+      <td>Optional: name of a JKS keystore in gateway security directory that 
has required signing key certificate </td>
+      <td>empty</td>
+    </tr>
+    <tr>
+      <td>knoxsso.signingkey.keystore.alias </td>
+      <td>Optional: alias of the signing key certificate in the 
<code>knoxsso.signingkey.keystore.name</code> keystore </td>
+      <td>empty</td>
+    </tr>
+    <tr>
+      <td>knoxsso.signingkey.keystore.passphrase.alias </td>
+      <td>Optional: passphrase alias for the signing key certificate </td>
+      <td>empty</td>
+    </tr>
   </tbody>
 </table>
 <h3><a id="Participating+Application+Configuration">Participating Application 
Configuration</a> <a href="#Participating+Application+Configuration"><img 
src="markbook-section-link.png"/></a></h3>
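
Review bot: "signing key certificate" in the keystore.name and keystore.alias rows reads as if the keystore only needs to hold a certificate, while signing a token needs the private key entry. Suggest wording such as "alias of the signing key entry (private key and its certificate)" so that nobody provisions a certificate-only keystore and discovers the problem when a token is issued.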

Modified: knox/trunk/books/1.2.0/config_knox_sso.md
URL: 
http://svn.apache.org/viewvc/knox/trunk/books/1.2.0/config_knox_sso.md?rev=1852928&r1=1852927&r2=1852928&view=diff
==============================================================================
--- knox/trunk/books/1.2.0/config_knox_sso.md (original)
+++ knox/trunk/books/1.2.0/config_knox_sso.md Mon Feb  4 15:10:51 2019
@@ -101,7 +101,9 @@ knoxsso.token.ttl                | This
 knoxsso.token.audiences          | This is a comma separated list of audiences 
to add to the JWT token. This is used to ensure that a token received by a 
participating application knows that the token was intended for use with that 
application. It is optional. In the event that an application has expected 
audiences and they are not present the token must be rejected. In the event 
where the token has audiences and the application has none expected then the 
token is accepted.| empty
 knoxsso.redirect.whitelist.regex | A semicolon-delimited list of regular 
expressions. The incoming originalUrl must match one of the expressions in 
order for KnoxSSO to redirect to it after authentication. Note that cookie use 
is still constrained to redirect destinations in the same domain as the KnoxSSO 
service - regardless of the expressions specified here. | The value of the 
gateway-site property named *gateway.dispatch.whitelist*. If that is not 
defined, the default allows only relative paths, localhost or destinations in 
the same domain as the Knox host (with or without SSL). This may need to be 
opened up for production use and actual participating applications.
 knoxsso.expected.params          | Optional: Comma separated list of query 
parameters that are expected and consumed by KnoxSSO and will not be passed on 
to originalUrl | empty
-
+knoxsso.signingkey.keystore.name | Optional: name of a JKS keystore in gateway 
security directory that has required signing key certificate | empty
+knoxsso.signingkey.keystore.alias | Optional: alias of the signing key 
certificate in the `knoxsso.signingkey.keystore.name` keystore | empty
+knoxsso.signingkey.keystore.passphrase.alias | Optional: passphrase alias for 
the signing key certificate | empty
 
 ### Participating Application Configuration
 #### Hadoop Configuration Example
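
Review bot: the knoxsso.signingkey.keystore.passphrase.alias row says only "passphrase alias for the signing key certificate", without naming where the alias is resolved or whether the passphrase protects the keystore or the key entry. Suggest naming the store the alias is looked up in and the secret it unlocks, and saying explicitly that the value is an alias and not the passphrase, since the current text could lead someone to put the passphrase itself in this parameter.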

Modified: knox/trunk/books/1.3.0/config_knox_sso.md
URL: 
http://svn.apache.org/viewvc/knox/trunk/books/1.3.0/config_knox_sso.md?rev=1852928&r1=1852927&r2=1852928&view=diff
==============================================================================
--- knox/trunk/books/1.3.0/config_knox_sso.md (original)
+++ knox/trunk/books/1.3.0/config_knox_sso.md Mon Feb  4 15:10:51 2019
@@ -101,7 +101,9 @@ knoxsso.token.ttl                | This
 knoxsso.token.audiences          | This is a comma separated list of audiences 
to add to the JWT token. This is used to ensure that a token received by a 
participating application knows that the token was intended for use with that 
application. It is optional. In the event that an application has expected 
audiences and they are not present the token must be rejected. In the event 
where the token has audiences and the application has none expected then the 
token is accepted.| empty
 knoxsso.redirect.whitelist.regex | A semicolon-delimited list of regular 
expressions. The incoming originalUrl must match one of the expressions in 
order for KnoxSSO to redirect to it after authentication. Note that cookie use 
is still constrained to redirect destinations in the same domain as the KnoxSSO 
service - regardless of the expressions specified here. | The value of the 
gateway-site property named *gateway.dispatch.whitelist*. If that is not 
defined, the default allows only relative paths, localhost or destinations in 
the same domain as the Knox host (with or without SSL). This may need to be 
opened up for production use and actual participating applications.
 knoxsso.expected.params          | Optional: Comma separated list of query 
parameters that are expected and consumed by KnoxSSO and will not be passed on 
to originalUrl | empty
-
+knoxsso.signingkey.keystore.name | Optional: name of a JKS keystore in gateway 
security directory that has required signing key certificate | empty
+knoxsso.signingkey.keystore.alias | Optional: alias of the signing key 
certificate in the `knoxsso.signingkey.keystore.name` keystore | empty
+knoxsso.signingkey.keystore.passphrase.alias | Optional: passphrase alias for 
the signing key certificate | empty
 
 ### Participating Application Configuration
 #### Hadoop Configuration Example
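
Review bot: the log message describes signing keys per topology, but none of the three added rows mentions that scope. Suggest a sentence after the table saying that these parameters apply to the KnoxSSO service of the topology in which they are set, and that participating applications then have to verify tokens against the matching public key. As written, a reader cannot tell this apart from a gateway-wide setting.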

