Author: amagyar
Date: Thu Oct 6 09:57:37 2022
New Revision: 1904421
URL: http://svn.apache.org/viewvc?rev=1904421&view=rev
Log:
KNOX-2816 Add missing documentations KNOX-2819
Modified:
knox/trunk/books/2.0.0/config_knox_token.md
Modified: knox/trunk/books/2.0.0/config_knox_token.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/2.0.0/config_knox_token.md?rev=1904421&r1=1904420&r2=1904421&view=diff
==============================================================================
--- knox/trunk/books/2.0.0/config_knox_token.md (original)
+++ knox/trunk/books/2.0.0/config_knox_token.md Thu Oct 6 09:57:37 2022
@@ -57,6 +57,33 @@ The following curl example shows how to
curl -ivk -H "Authorization: Bearer
eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJndWVzdCIsImF1ZCI6InRva2VuYmFzZWQiLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNDg5OTQyMTg4fQ.bcqSK7zMnABEM_HVsm3oWNDrQ_ei7PcMI4AtZEERY9LaPo9dzugOg3PA5JH2BRF-lXM3tuEYuZPaZVf8PenzjtBbuQsCg9VVImuu2r1YNVJlcTQ7OV-eW50L6OTI0uZfyrFwX6C7jVhf7d7YR1NNxs4eVbXpS1TZ5fDIRSfU3MU"
https://localhost:8443/gateway/tokenbased/webhdfs/v1/tmp?op=LISTSTATUS
+If you want tokens to include group membership informations, add a
`knox.token.include.groups` query parameter to the URL.
+
+ curl -u admin:admin-password -k
"https://localhost:8443/gateway/homepage/knoxtoken/api/v1/token?knox.token.include.groups=true"
+
+The response contains the token with the group information:
+
+ {
+ "sub": "admin",
+ "jku":
"https://localhost:8443/gateway/homepage/knoxtoken/api/v1/jwks.json",
+ "kid": "oigA7mZCwA2d7oimQyUaB0oDAfhI-1Bjq9y1n-Mw_OU",
+ "iss": "KNOXSSO",
+ "exp": 1649777837,
+ "knox.groups": [
+ "admin-group2",
+ "admin-group1"
+ ],
+ "managed.token": "true",
+ "knox.id": "dfeb8979-7f00-4938-bbff-1bc7574bb53d"
+ }
+
+This feature is enabled by default. If you want to disable it, add the
following configuration to the KNOXTOKEN service.
+
+ <param>
+ <name>knox.token.include.groups.allowed</name> <!-- default = true
-->
+ <value>false</value>
+ </param>
+
#### KnoxToken Renewal and Revocation
The KnoxToken service supports the renewal and explicit revocation of tokens
it has issued.
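Review bot: In the added paragraph beginning "This feature is enabled by default", it is unclear what "enabled" refers to. The example above it shows groups in the token only when the caller passes `knox.token.include.groups=true`, so the default presumably means that the query parameter is honoured, not that every token carries group membership. Suggest saying so explicitly, for example "Requests for group information are honoured by default; to disallow them, set `knox.token.include.groups.allowed` to `false` on the KNOXTOKEN service", and documenting what a client receives when it sends the query parameter while the setting is `false` (a token without groups, or an error). Two smaller points in the same hunk: "informations" in the first added line should be "information", and the JSON under "The response contains the token with the group information" reads as the decoded claims of the token (`sub`, `iss`, `exp`, `knox.groups`) rather than the raw response body, so the sentence should say that the decoded token is being shown.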