[ https://issues.apache.org/jira/browse/KNOX-592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14726672#comment-14726672 ]

Jeffrey E  Rodriguez commented on KNOX-592:
-------------------------------------------

More details about this issue.
In class org.apache.hadoop.gateway.dispatch.DefaultDispatch, method
executeKerberosDispatch, we have two places where we add
outboundRequest.removeHeaders(COOKIE);

This call removes the headers, so the dispatcher will send the original request
to the service without cookies.

In this case we are accessing services which don't support SPNEGO, which is a
valid case, but we are removing the cookie too early. We first need to start the
SPNEGO negotiation; after we figure out that the service supports SPNEGO, then
we should remove the cookies.

I've tested commenting out the first cookie removal and SPNEGO is still working,
so maybe that could be a way to fix this issue. I would like somebody from the
product team to validate this.



> Knox remove cookies when Kerberos is enabled even if the service is not using 
> SPNEGO
> ------------------------------------------------------------------------------------
>
>                 Key: KNOX-592
>                 URL: https://issues.apache.org/jira/browse/KNOX-592
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.6.0
>         Environment: All environments having Kerberos enabled
>            Reporter: Jeffrey E  Rodriguez
>             Fix For: 0.7.0
>
>
> Knox removes cookies when Kerberos is enabled even if the service is not using
> SPNEGO.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
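
The two orderings discussed in the comment above, as an added model that is not part of the original message and is not Knox code: every function name is hypothetical, and the two backends and the request are constructed stubs. It records whether each outbound request carried the client's cookie.

```python
# Added model of the ordering issue in KNOX-592; not Knox code.
# Every name here is hypothetical and both backends are constructed stubs.
NEGOTIATE = "Negotiate"

def spnego_backend(headers):
    # Constructed stub: answers 401 + Negotiate until an SPNEGO token arrives.
    if headers.get("Authorization", "").startswith(NEGOTIATE):
        return 200, {}
    return 401, {"WWW-Authenticate": NEGOTIATE}

def cookie_backend(headers):
    # Constructed stub: no SPNEGO support, authorizes on its own session cookie.
    if "SESSION=constructed" in headers.get("Cookie", ""):
        return 200, {}
    return 403, {}

def _dispatch(backend, headers, strip_before_first_send):
    out = dict(headers)                   # never mutate the caller's request
    if strip_before_first_send:
        out.pop("Cookie", None)           # early removal, as described in the comment
    sent_cookie = ["Cookie" in out]       # what each outbound request carried
    status, resp = backend(out)
    if status == 401 and resp.get("WWW-Authenticate", "").startswith(NEGOTIATE):
        out.pop("Cookie", None)           # removal once the service is known to use SPNEGO
        out["Authorization"] = NEGOTIATE + " constructed-token"
        sent_cookie.append("Cookie" in out)
        status, resp = backend(out)
    return status, sent_cookie

def dispatch_strip_first(backend, headers):
    return _dispatch(backend, headers, strip_before_first_send=True)

def dispatch_strip_on_challenge(backend, headers):
    return _dispatch(backend, headers, strip_before_first_send=False)

if __name__ == "__main__":
    request = {"Cookie": "SESSION=constructed"}   # constructed client request
    for name, backend in (("spnego", spnego_backend), ("cookie", cookie_backend)):
        print(name, dispatch_strip_first(backend, request),
              dispatch_strip_on_challenge(backend, request))
```

In this model the deferred ordering lets the non-SPNEGO service succeed, but the first request to the SPNEGO service still carries the client's cookie, which is the exposure to weigh when reviewing such a change.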
