Added:
knox/site/books/knox-1-5-0/knoxtokenmanagement_token_generation_ui-successful.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-5-0/knoxtokenmanagement_token_generation_ui-successful.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/site/books/knox-1-5-0/knoxtokenmanagement_token_generation_ui-successful.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: knox/site/books/knox-1-5-0/knoxtokenmanagement_token_management_ui-1.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-5-0/knoxtokenmanagement_token_management_ui-1.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/site/books/knox-1-5-0/knoxtokenmanagement_token_management_ui-1.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: knox/site/books/knox-1-5-0/runtime-overview.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-5-0/runtime-overview.png?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-5-0/runtime-request-processing.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-5-0/runtime-request-processing.png?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
Binary files - no diff available.
Added: knox/site/books/knox-1-6-0/JDBC_TSS_DB_Design.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/JDBC_TSS_DB_Design.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange: knox/site/books/knox-1-6-0/JDBC_TSS_DB_Design.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: knox/site/books/knox-1-6-0/deployment-overview.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/deployment-overview.png?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-6-0/deployment-provider.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/deployment-provider.png?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-6-0/deployment-service.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/deployment-service.png?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-6-0/general_saml_flow.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/general_saml_flow.png?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
Binary files - no diff available.
Added: knox/site/books/knox-1-6-0/knoxtokenmanagement_homepage.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/knoxtokenmanagement_homepage.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange: knox/site/books/knox-1-6-0/knoxtokenmanagement_homepage.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: knox/site/books/knox-1-6-0/knoxtokenmanagement_token_generation_ui-1.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/knoxtokenmanagement_token_generation_ui-1.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/site/books/knox-1-6-0/knoxtokenmanagement_token_generation_ui-1.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
knox/site/books/knox-1-6-0/knoxtokenmanagement_token_generation_ui-fail.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/knoxtokenmanagement_token_generation_ui-fail.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/site/books/knox-1-6-0/knoxtokenmanagement_token_generation_ui-fail.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
knox/site/books/knox-1-6-0/knoxtokenmanagement_token_generation_ui-successful.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/knoxtokenmanagement_token_generation_ui-successful.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/site/books/knox-1-6-0/knoxtokenmanagement_token_generation_ui-successful.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: knox/site/books/knox-1-6-0/knoxtokenmanagement_token_management_ui-1.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/knoxtokenmanagement_token_management_ui-1.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/site/books/knox-1-6-0/knoxtokenmanagement_token_management_ui-1.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: knox/site/books/knox-1-6-0/runtime-overview.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/runtime-overview.png?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-6-0/runtime-request-processing.png
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/runtime-request-processing.png?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-1-6-0/user-guide.html
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-6-0/user-guide.html?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
--- knox/site/books/knox-1-6-0/user-guide.html (original)
+++ knox/site/books/knox-1-6-0/user-guide.html Tue Nov 16 14:45:14 2021
@@ -5517,6 +5517,127 @@ APACHE_HOME/bin/apachectl -k stop
}
</code></pre>
<p>See documentation in Client Details for KnoxShell init, list and destroy
for commands that leverage this token service for CLI sessions.</p>
+<h4><a id="Token+Generation/Management+UIs">Token Generation/Management
UIs</a> <a href="#Token+Generation/Management+UIs"><img
src="markbook-section-link.png"/></a></h4>
+<h5><a id="Overview">Overview</a> <a href="#Overview"><img
src="markbook-section-link.png"/></a></h5>
+<p>In Apache Knox v1.6.0 the team added two new UIs that are directly
accessible from the Knox Home page:</p>
+<ul>
+ <li>Token Generation</li>
+ <li>Token Management</li>
+</ul>
+<p>By default, the <code>homepage</code> topology comes with the
<code>KNOXTOKEN</code> service enabled with the following attributes:</p>
+<ul>
+ <li>token TTL is set to 120 days</li>
+ <li>token service is enabled (default to keystore-based token state
service)</li>
+ <li>the admin user is allowed to renew/revoke tokens</li>
+</ul>
+<p>In this topology, homepage, two new applications were added in order to
display the above-listed UIs:</p>
+<ul>
+ <li><code>tokengen</code>: this is an old-style JSP UI, with a relatively
simple JS code included. The source is located in the <a
href="https://github.com/apache/knox/tree/v1.6.0/gateway-applications/src/main/resources/applications/tokengen";>gateway-applications</a>
Maven sub-module.</li>
+ <li><code>token-management</code>: this is an Angular UI. The source is
located in its own <a
href="https://github.com/apache/knox/tree/v1.6.0/knox-token-management-ui";>knox-token-management-ui</a>
Maven sub-module.</li>
+</ul>
+<p>On the Knox Home page, you will see a new town in the General Proxy
Information table like this:</p>
+<p><img src="knoxtokenmanagement_homepage.png" /></p>
+<p>However, the <em>Integration Token</em> links are disabled by default,
because token integration requires a gateway-level alias - called
<code>knox.token.hash.key</code> - being created and without that alias, it <a
href="https://github.com/apache/knox/pull/512";>does not make sense to show
those links</a>.</p>
+<h5><a id="Creating+the+token+hash+key">Creating the token hash key</a> <a
href="#Creating+the+token+hash+key"><img
src="markbook-section-link.png"/></a></h5>
+<p>As explained, if you would like to use Knox’s token generation
features, you will have to create a gateway-level alias with a 256, 384, or
512-bit length JWK. You can do it in - at least - two different ways:</p>
+<ol>
+ <li>You generate your own MAC (using <a
href="https://8gwifi.org/jwkfunctions.jsp";>this online tool</a> for instance)
and save it as an alias using Knox CLI.</li>
+ <li>You do it running the following Knox CLI command:<br/><code>generate-jwk
--saveAlias knox.token.hash.key</code></li>
+</ol>
+<p>The second option involves a newly created Knox CLI command called
<code>generate-jwk</code>:</p>
+<h5><a id="Token+state+service+implementations">Token state service
implementations</a> <a href="#Token+state+service+implementations"><img
src="markbook-section-link.png"/></a></h5>
+<p>There was an important step the Knox team made to provide more flexibility
for our end-users: there are some internal service implementations in Knox that
were hard-coded in the Java source code. One of those services is the
<code>Token State</code> service implementation which you can change in
gateway-site.xml going forward by setting the
<code>gateway.service.tokenstate.impl</code> property to any of:</p>
+<ol>
+
<li><code>org.apache.knox.gateway.services.token.impl.DefaultTokenStateService</code>
- keeps all token information in memory, therefore all of this information is
lost when Knox is shut down</li>
+
<li><code>org.apache.knox.gateway.services.token.impl.AliasBasedTokenStateService</code>
- token information is stored in the gateway credential store. This is a
durable option, but not suitable for HA deployments</li>
+
<li><code>org.apache.knox.gateway.services.token.impl.JournalBasedTokenStateService</code>
- token information is stored in plain files within
<code>$KNOX_DATA_DIR/security/token-state</code> folder. This option also
provides a durable persistence layer for tokens and it might be good for HA
scenarios too (in case of KNOX_DATA_DIR is on a shared drive), but the token
data is written out in plain text (i.e. not encrypted) so it’s less
secure.</li>
+
<li><code>org.apache.knox.gateway.services.token.impl.ZookeeperTokenStateService</code>
- this is an extension of the keystore-based approach. In this case, token
information is stored in Zookeeper using Knox aliases. The token’s alias
name equals to its generated token ID.</li>
+
<li><code>org.apache.knox.gateway.services.token.impl.JDBCTokenStateService</code>
- stores token information in relational databases. It’s not only
durable, but it’s perfectly fine with HA deployments. Currently,
PostgreSQL and MySQL databases are supported.</li>
+</ol>
+<p>By default, the <code>AliasBasedTokenStateService</code> implementation is
used.</p>
+<h5><a id="Configuring+the+JDBC+token+state+service">Configuring the JDBC
token state service</a> <a
href="#Configuring+the+JDBC+token+state+service"><img
src="markbook-section-link.png"/></a></h5>
+<p>If you want to use the newly implemented database token management,
youâve to set <code>gateway.service.tokenstate.impl</code> in
<em>gateway-site.xml</em> to
<code>org.apache.knox.gateway.services.token.impl.JDBCTokenStateService</code>.</p>
+<p>Now, that you have configured your token state backend, you need to
configure a valid database in <em>gateway-site.xml</em>. There are two ways to
do that:</p>
+<ol>
+ <li>You either declare database connection properties
one-by-one:<br/><code>gateway.database.type</code> - should be set to
<code>postgresql</code> or
<code>mysql</code><br/><code>gateway.database.host</code> - the host where your
DB server is running<br/><code>gateway.database.port</code> - the port that
your DB server is listening on<br/><code>gateway.database.name</code> - the
name of the database you are connecting to</li>
+ <li>Or you declare an all-in-one JDBC connection string called
<code>gateway.database.connection.url</code>. The following value will show you
how to connect to an SSL enabled PostgreSQL server:<br/><code>jdbc:<a
href="postgresql://$myPostgresServerHost:5432/postgres?user=postgres&ssl=true&sslmode=verify-full&sslrootcert=/usr/local/var/postgresql@10/data/root.crt">postgresql://$myPostgresServerHost:5432/postgres?user=postgres&ssl=true&sslmode=verify-full&sslrootcert=/usr/local/var/postgresql@10/data/root.crt</a></code></li>
+</ol>
+<p>If your database requires user/password authentication, the following
aliases must be saved into the Knox Gatewayâs credential store
(__gateway-credentials.jceks):</p>
+<ul>
+ <li><code>gateway_database_user</code> - the username</li>
+ <li><code>gateway_database_password</code> - the password</li>
+</ul>
+<h6><a id="Database+design">Database design</a> <a
href="#Database+design"><img src="markbook-section-link.png"/></a></h6>
+<p><img src="JDBC_TSS_DB_Design.png" /></p>
+<p>As you can see, there are only 2 tables:</p>
+<ul>
+ <li><code>KNOXTOKENS</code> contains basic information about the generated
token</li>
+ <li><code>KNOX_TOKEN_METADATA</code> contains an arbitrary number of
metadata information for the generated token. At the time of this document
being written the following metadata exist:
+ <ul>
+ <li><code>passcode</code> - this is the BASE-64 encoded value of the
generated passcode token MAC. That is, the BASE-64 decoded value is a
generated MAC.</li>
+ <li><code>userName</code> - the logged-in user who generated the
token</li>
+ <li><code>enabled</code> - this is a boolean flag indicating that the
given token is enabled or not (a <em>disabled</em> token cannot be used for
authentication purposes)</li>
+ <li><code>comment</code> - this is optional metadata, saved only if the
user enters something in the <em>Comment</em> input field on the <em>Token
Generation</em> page (see below)</li>
+ </ul>
+ </li>
+</ul>
+<h5><a id="Generating+a+token">Generating a token</a> <a
href="#Generating+a+token"><img src="markbook-section-link.png"/></a></h5>
+<p>Once you configured the <code>knox.token.hash.key</code> alias and
optionally customized your token state service, you are all set to generate
Knox tokens using the new Token Generation UI:</p>
+<p><img src="knoxtokenmanagement_token_generation_ui-1.png" /></p>
+<p>The following sections are displayed on the page:</p>
+<ul>
+ <li>status bar: here you can see an informative message on the configured
Token State backend. There are 3 different statuses:
+ <ul>
+ <li>ERROR: shown in red. This indicates a problem with the service
backend which makes the feature not work. Usually, this is visible when
end-users configure JDBC token state service, but they make a mistake in their
DB settings</li>
+ <li>WARN: displayed in yellow (see above picture). This indicates that
the feature is enabled and working, but there are some limitations</li>
+ <li>INFO: displayed in green. This indicates when the token management
backend is properly configured for HA and production deployments</li>
+ </ul>
+ </li>
+ <li>there is an information label explaining the purpose of the token
generation page</li>
+ <li>comment: this is an <em>optional</em> input field that allows end-users
to add meaningful comments (mnemonics) to their generated tokens. The maximum
length is 255 characters.</li>
+ <li>the <code>Configured maximum lifetime</code> informs the clients about
the <code>knox.token.ttl</code> property set in the <code>homepage</code>
topology (defaults to 120 days). If that property is not set (e.g. someone
removes it from he homepage topology), Knox uses a hard-coded value of 30
seconds (aka. default Knox token TTL)</li>
+ <li>Custom token lifetime can be set by adjusting the days/hours/minutes
spinners. The default configuration will yield one hour.</li>
+ <li>Clicking the Generate Token button will try to create a token for
you.</li>
+</ul>
+<h5><a id="About+the+generated+token+TTL">About the generated token TTL</a> <a
href="#About+the+generated+token+TTL"><img
src="markbook-section-link.png"/></a></h5>
+<p>Out of the box, Knox will display the custom lifetime spinners on the Token
Generation page. However, they can be hidden by setting the
<code>knox.token.lifespan.input.enabled</code> property to <code>false</code>
in the <code>homepage</code> topology. Given that possibility and the
configured maximum lifetime the generated token can have the following TTL
value:</p>
+<ul>
+ <li>there is no configured token TTL and lifespan inputs are disabled ->
the default TTL is used (30 seconds)</li>
+ <li>there is configured TTL and lifespan inputs are disabled -> the
configured TTL is used</li>
+ <li>there is configured TTL and lifespan inputs are enabled and lifespan
inputs result in a value that is less than or equal to the configured TTL ->
the lifespan query param is used</li>
+ <li>there is configured TTL and lifespan inputs are enabled and lifespan
inputs result in a value that is greater than the configured TTL -> the
configured TTL is used</li>
+</ul>
+<h5><a id="Successful+token+generation">Successful token generation</a> <a
href="#Successful+token+generation"><img
src="markbook-section-link.png"/></a></h5>
+<p><img src="knoxtokenmanagement_token_generation_ui-successful.png" /></p>
+<p>On the resulting page there is two sensitive information that you can use
in Knox to authenticate your request:</p>
+<ol>
+ <li>
+ <p><strong>JWT token</strong> - this is the serialized JWT and is fully
compatible with the old-style Bearer authorization method. Clicking the
<code>JWT Token</code> label on the page will copy the value into the
clipboard. You might want to use it as the âTokenâ user:</p>
+ <p><code>$ curl -ku
Token:eyJqa3UiOiJodHRwczpcL1wvbG9jYWxob3N0Ojg0NDNcL2dhdGV3YXlcL2hvbWVwYWdlXC9rbm94dG9rZW5cL2FwaVwvdjFcL2p3a3MuanNvbiIsImtpZCI6IkdsOTZfYTM2MTJCZWFsS2tURFRaOTZfVkVsLVhNRVRFRmZuNTRMQ1A2UDQiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImprdSI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6ODQ0M1wvZ2F0ZXdheVwvaG9tZXBhZ2VcL2tub3h0b2tlblwvYXBpXC92MVwvandrcy5qc29uIiwia2lkIjoiR2w5Nl9hMzYxMkJlYWxLa1REVFo5Nl9WRWwtWE1FVEVGZm41NExDUDZQNCIsImlzcyI6IktOT1hTU08iLCJleHAiOjE2MzY2MjU3MTAsIm1hbmFnZWQudG9rZW4iOiJ0cnVlIiwia25veC5pZCI6ImQxNjFjYWMxLWY5M2UtNDIyOS1hMGRkLTNhNzdhYjkxNDg3MSJ9.e_BNPf_G1iBrU0m3hul5VmmSbpw0w1pUAXl3czOcuxFOQ0Tki-Gq76fCBFUNdKt4QwLpNXxM321cH1TeMG4IhL-92QORSIZgRxY4OUtUgERzcU7-27VNYOzJbaRCjrx-Vb4bSriRJJDwbbXyAoEw_bjiP8EzFFJTPmGcctEzrOLWFk57cLO-2QLd2nbrNd4qmrRR6sEfP81Jg8UL-Ptp66vH_xalJJWuoyoNgGRmH8IMdLVwBgeLeVHiI7NmokuhO-vbctoEwV3Rt4pMpA0VSWGFN0MI4WtU0crjXXHg8U9xSZyOeyT3fMZBXctvBomhGlWaAvuT5AxQGyMMP3VLGw
https:/localhost:8443/gateway/sandbox/webhdfs/v1?op=LISTSTATUS</code>
<code>{"
;FileStatuses":{"FileStatus":[{"accessTime":0,"blockSize":0,"childrenNum":1,"fileId":16386,"group":"supergroup","length":0,"modificationTime":1621238405734,"owner":"hdfs","pathSuffix":"tmp","permission":"1777","replication":0,"storagePolicy":0,"type":"DIRECTORY"},{"accessTime":0,"blockSize":0,"childrenNum":1,"fileId":16387,"group":"supergroup","length":0,"modificationTime":1621238326078,"owner":"hdfs","pathSuffix":"user","permission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"}]}}</code></p>
+ </li>
+ <li>
+ <p><strong>Passcode token</strong> - this is the serialized passcode
token, which you can use as the âPasscodeâ user (Clicking the
<code>Passcode Token</code> label on the page will copy the value into the
clipboard):</p>
+ <p><code>$ curl -ku
Passcode:WkRFMk1XTmhZekV0WmprelpTMDBNakk1TFdFd1pHUXRNMkUzTjJGaU9URTBPRGN4OjpPVEV5Tm1KbFltUXROVEUyWkMwME9HSTBMVGd4TTJZdE1HRmxaalJrWlRVNFpXRTA=
https://localhost:8443/gateway/sandbox/webhdfs/v1?op=LISTSTATUS</code>
<code>{"FileStatuses":{"FileStatus":[{"accessTime":0,"blockSize":0,"childrenNum":1,"fileId":16386,"group":"supergroup","length":0,"modificationTime":1621238405734,"owner":"hdfs","pathSuffix":"tmp","permission":"1777","replication":0,"storagePolicy":0,"type":"DIRECTORY"},{"accessTime":0,"blockSize":0,"childrenNum":1,"fileId":16387,"group":"supergroup","length":0,"modificationTime":1621238326078,"owner":"hdfs","pathSuffix":"user","pe
rmission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"}]}}</code></p>
+ </li>
+</ol>
+<p>The reason, we needed to support the shorter <code>Passcode token</code>,
is that there are 3rd party tools where the long JWT exceeds input fields
limitations so we need to address this issue with shorter token values.</p>
+<p>The rest of the fields are complementary information such as the expiration
date/time of the generated token or the user who created it.</p>
+<h5><a id="Token+generation+failed">Token generation failed</a> <a
href="#Token+generation+failed"><img src="markbook-section-link.png"/></a></h5>
+<p>If there was an error during token generation, you will see a failure right
under the input field boxes (above the Generate Token button):</p>
+<p><img src="knoxtokenmanagement_token_generation_ui-fail.png" /></p>
+<p>The above error message indicates a failure that the admin user already
generated more tokens than they are allowed to. This limitation is configurable
in the <code>gateway-site.xml</code>:</p>
+<ul>
+ <li><code>gateway.knox.token.limit.per.user</code> - indicates the maximum
number of tokens a user can manage at the same time. <code>-1</code> means that
users are allowed to create/manage as many tokens as they want. This
configuration only applies when the server-managed token state is enabled
either in <code>gateway-site</code> or at the <code>topology</code> level.
Defaults to 10.</li>
+</ul>
+<h5><a id="Token+Management">Token Management</a> <a
href="#Token+Management"><img src="markbook-section-link.png"/></a></h5>
+<p>In addition to the token generation UI, Knox comes with a Token Management
UI where logged-in users can see all the active tokens that they generated
before. That is, if a token got expired and was removed from the underlying
token store, it won’t be displayed here.</p>
+<p><img src="knoxtokenmanagement_token_management_ui-1.png" /></p>
+<p>On this page, you will see basic information about your generated token(s)
and you can execute the following actions:</p>
+<ol>
+ <li>Enable/Disable - based on the current status, you can temporarily
enable/disable a token. Please note that disabled tokens are not allowed to use
for authentication purposes.</li>
+ <li>Revoke - you can remove the token from the persistent store. Please note
this action cannot be undone, once you revoked a token Knox will delete it from
the in-memory cache as well as the underlying persistent token storage</li>
+</ol>
+<p>In order to refresh the table, you can use the <code>Refresh icon</code>
above the table (if you generated tokens on another tab for instance).</p>
<h3><a id="Mutual+Authentication+with+SSL">Mutual Authentication with SSL</a>
<a href="#Mutual+Authentication+with+SSL"><img
src="markbook-section-link.png"/></a></h3>
<p>To establish a stronger trust relationship between client and server, we
provide mutual authentication with SSL via client certs. This is particularly
useful in providing additional validation for Preauthenticated SSO with HTTP
Headers. Rather than just IP address validation, connections will only be
accepted by Knox from clients presenting trusted certificates.</p>
<p>This behavior is configured for the entire gateway instance within the
gateway-site.xml file. All topologies deployed within the configured gateway
instance will require incoming connections to present trusted client
certificates during the SSL handshake. Otherwise, connections will be
refused.</p>
Modified: knox/site/index.html
URL:
http://svn.apache.org/viewvc/knox/site/index.html?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Tue Nov 16 14:45:14 2021
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
src/site/markdown/index.md at 2021-11-04
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
src/site/markdown/index.md at 2021-11-16
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20211104" />
+ <meta name="Date-Revision-yyyymmdd" content="20211116" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Announcing Apache Knox 1.6.0!</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2021-11-04</li>
+ <li id="publishDate">Last Published: 2021-11-16</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/issue-management.html
URL:
http://svn.apache.org/viewvc/knox/site/issue-management.html?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
--- knox/site/issue-management.html (original)
+++ knox/site/issue-management.html Tue Nov 16 14:45:14 2021
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:issue-management
at 2021-11-04
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:issue-management
at 2021-11-16
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20211104" />
+ <meta name="Date-Revision-yyyymmdd" content="20211116" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Issue Management</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2021-11-04</li>
+ <li id="publishDate">Last Published: 2021-11-16</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/licenses.html
URL:
http://svn.apache.org/viewvc/knox/site/licenses.html?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
--- knox/site/licenses.html (original)
+++ knox/site/licenses.html Tue Nov 16 14:45:14 2021
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:licenses at
2021-11-04
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:licenses at
2021-11-16
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20211104" />
+ <meta name="Date-Revision-yyyymmdd" content="20211116" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Licenses</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2021-11-04</li>
+ <li id="publishDate">Last Published: 2021-11-16</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/mailing-lists.html
URL:
http://svn.apache.org/viewvc/knox/site/mailing-lists.html?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
--- knox/site/mailing-lists.html (original)
+++ knox/site/mailing-lists.html Tue Nov 16 14:45:14 2021
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:mailing-lists
at 2021-11-04
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:mailing-lists
at 2021-11-16
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20211104" />
+ <meta name="Date-Revision-yyyymmdd" content="20211116" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Mailing Lists</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2021-11-04</li>
+ <li id="publishDate">Last Published: 2021-11-16</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/project-info.html
URL:
http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Tue Nov 16 14:45:14 2021
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-site-plugin:3.7.1:CategorySummaryDocumentRenderer
at 2021-11-04
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-site-plugin:3.7.1:CategorySummaryDocumentRenderer
at 2021-11-16
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20211104" />
+ <meta name="Date-Revision-yyyymmdd" content="20211116" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Information</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2021-11-04</li>
+ <li id="publishDate">Last Published: 2021-11-16</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/site/team.html
URL:
http://svn.apache.org/viewvc/knox/site/team.html?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
--- knox/site/team.html (original)
+++ knox/site/team.html Tue Nov 16 14:45:14 2021
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:team at
2021-11-04
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 from
org.apache.maven.plugins:maven-project-info-reports-plugin:3.0.0:team at
2021-11-16
| Rendered using Apache Maven Fluido Skin 1.7
-->
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20211104" />
+ <meta name="Date-Revision-yyyymmdd" content="20211116" />
<meta http-equiv="Content-Language" content="en" />
<title>Knox Gateway – Project Team</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.7.min.css" />
@@ -40,7 +40,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2021-11-04</li>
+ <li id="publishDate">Last Published: 2021-11-16</li>
</ul>
</div>
<div class="row-fluid">
Modified: knox/trunk/books/1.6.0/config_knox_token.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/1.6.0/config_knox_token.md?rev=1895087&r1=1895086&r2=1895087&view=diff
==============================================================================
Binary files - no diff available.
Propchange: knox/trunk/books/1.6.0/config_knox_token.md
------------------------------------------------------------------------------
--- svn:mime-type (added)
+++ svn:mime-type Tue Nov 16 14:45:14 2021
@@ -0,0 +1 @@
+application/octet-streamapplication/octet-streamapplication/octet-streamapplication/octet-streamapplication/octet-streamapplication/octet-stream
Added: knox/trunk/books/static/JDBC_TSS_DB_Design.png
URL:
http://svn.apache.org/viewvc/knox/trunk/books/static/JDBC_TSS_DB_Design.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange: knox/trunk/books/static/JDBC_TSS_DB_Design.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: knox/trunk/books/static/knoxtokenmanagement_homepage.png
URL:
http://svn.apache.org/viewvc/knox/trunk/books/static/knoxtokenmanagement_homepage.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange: knox/trunk/books/static/knoxtokenmanagement_homepage.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: knox/trunk/books/static/knoxtokenmanagement_token_generation_ui-1.png
URL:
http://svn.apache.org/viewvc/knox/trunk/books/static/knoxtokenmanagement_token_generation_ui-1.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/trunk/books/static/knoxtokenmanagement_token_generation_ui-1.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: knox/trunk/books/static/knoxtokenmanagement_token_generation_ui-fail.png
URL:
http://svn.apache.org/viewvc/knox/trunk/books/static/knoxtokenmanagement_token_generation_ui-fail.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/trunk/books/static/knoxtokenmanagement_token_generation_ui-fail.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
knox/trunk/books/static/knoxtokenmanagement_token_generation_ui-successful.png
URL:
http://svn.apache.org/viewvc/knox/trunk/books/static/knoxtokenmanagement_token_generation_ui-successful.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/trunk/books/static/knoxtokenmanagement_token_generation_ui-successful.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: knox/trunk/books/static/knoxtokenmanagement_token_management_ui-1.png
URL:
http://svn.apache.org/viewvc/knox/trunk/books/static/knoxtokenmanagement_token_management_ui-1.png?rev=1895087&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
knox/trunk/books/static/knoxtokenmanagement_token_management_ui-1.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
