Larry McCay created KNOX-573:
--------------------------------
Summary: Make SecureOnly Configurable for SSO Cookie in WebSSO
Key: KNOX-573
URL: https://issues.apache.org/jira/browse/KNOX-573
Project: Apache Knox
Issue Type: Sub-task
Components: Server
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 0.7.0
Currently the cookie is always set as SecureOnly which requires the
participating UIs to also have SSL enabled. This is the preferred mode and will
remain the default configuration. This jira represents the ability to override
that behavior explicitly for carefully considered and non-production use that
would enable the cookie to be sent over unprotected channels.
It needs to be understood that this will allow for the cookie to be easily
captured and replayed by a MIM.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
