[
https://issues.apache.org/jira/browse/ATLAS-5063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paresh Devalia updated ATLAS-5063:
----------------------------------
Description:
Previously, in Atlas UI, clicking the Logout button would redirect users to the
Knox session termination page, but the user session wouldn’t be properly
terminated. As a result, pressing the Back button would bring the user back
into the logged-in Atlas UI.
To address this issue, several changes have been introduced:
* A new checkSso API has been implemented to detect whether the session is
SSO-based by checking for the presence of the hadoop-jwt cookie.
* Based on the API response:
** If true (SSO session), the frontend redirects the user to a default action
page for session termination.
** If false (non-SSO), it redirects the user to the traditional login.jsp.
* The CustomLogoutSuccessHandler has been added to properly handle logout
logic.
* Modifications have been made in:
# AtlasKnoxSSOAuthenticationFilter to support the new logic.
# AtlasSecurityConfig to enhance logout behavior based on session type.
These changes ensure proper session termination behavior and prevent access to
protected resources after logout, even via browser navigation.
was:
# Previously, in the case of Atlas UI, the 'log out' button would redirect the
user to the Knox session termination page but wouldn't actually log out the user.
# Hitting the back button would take the user to the logged-in Atlas UI.
# If the user does log out, the Atlas backend will check whether the request is
a Knox SSO one or not. Accordingly, that API will send a response to the UI.
# And from the UI end, it will be redirected to the newly implemented logout page.
# To handle this, a new checkSso API is introduced to determine if the session
is SSO-based by checking the presence of the hadoop-jwt cookie.
# Based on the response (true or false), the frontend now redirects either to
a default action page (for SSO sessions) or to the traditional login.jsp.
# Additionally, a CustomLogoutSuccessHandler has been added for proper logout
handling. Changes were also made to AtlasKnoxSSOAuthenticationFilter to support
this logic.
# Some changes were made in AtlasSecurityConfig for logout.
> Atlas[Backend] Fix for improving logout mechanism in Atlas Backend code base
> ----------------------------------------------------------------------------
>
> Key: ATLAS-5063
> URL: https://issues.apache.org/jira/browse/ATLAS-5063
> Project: Atlas
> Issue Type: Improvement
> Components: atlas-core
> Reporter: Aditya Gupta
> Assignee: Aditya Gupta
> Priority: Major