[ 
https://issues.apache.org/jira/browse/KNOX-670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15143272#comment-15143272
 ] 

Larry McCay commented on KNOX-670:
----------------------------------

Hi [~sumit.gupta] - while this is largely experimental at this stage, the 
driving use case is one for a Knox authentication page/app. This app will be 
able to be used as the IdP for KnoxSSO when there is no other IdP integration 
available.

The knoxauth app should be able to be defined within a topology (probably 
within the knoxsso topology) and not require authentication in order to access 
the login page. The knoxauth app would then be able to make an API call or just 
POST credentials to the knoxsso endpoint in order to authenticate the user and 
get an SSO cookie set. KnoxSSO will then redirect the browser to the originally 
requested URL.

Extrapolating this pattern out to other applications for things like the 
knoxplorer example or a management/metrics page, we may have other requirements.

* You should be able to turn on/off such applications from topology to 
topology. You can have a testpage for the sandbox topology but not for the 
production one, for instance.
* You should be authenticated to access them sometimes. A topology that 
includes a testpage would require authentication via KnoxSSO. The user will be 
authenticated and the cookie set. Subsequent requests for the testpage will be 
granted given a valid cookie.
* Apps should have an easy way to integrate with KnoxSSO and consume REST APIs 
that are exposed via the same topology. We may have some simple JS library work 
to do there.

More complex application extrapolations:

* We could consider the ability to deploy full JEE webapps like Shibboleth, for 
instance. This will not require our provider pipeline as much as the others and 
doesn't necessarily speak to the app developer, but it complements the KnoxSSO 
story, and we would likely be able to ease the configuration burden for 
Shibboleth install by automating the SP side config in Shibboleth with what we 
know about Knox at deployment time. This would allow KnoxSSO to act as a full 
SAML IdP for other applications if desired.

> Knox Should be able to Host Simple Web Apps
> -------------------------------------------
>
>                 Key: KNOX-670
>                 URL: https://issues.apache.org/jira/browse/KNOX-670
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Kevin Minder
>             Fix For: 0.9.0
>
>         Attachments: KNOX-670_001.patch, KNOX-670_002.patch
>
>
> I think that we need the ability to serve up arbitrary web app resources. 
> Given a conf/applications alongside conf/topologies, we should be able to 
> spin up a simple application that can be used as a central login facility 
> with KnoxSSO, a management UI or any number of simple applications.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
