[
https://issues.apache.org/jira/browse/KNOX-796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mark Caldwell updated KNOX-796:
-------------------------------
Description:
We have the ability to set the sso.cookie.name in SSOCookieFederationFilter
(which is part of the gateway/provider/federation) but we do not have the
ability to override the sso.cookie.name in WebSSOResource (which is part of
gateway/service/knoxsso)
It would be nice to add the ability to override the cookie name so we can use
specify custom cookie names and also to use different cookie for different
services.
private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
Code from SSOCookieFederation
// configured cookieName
cookieName = filterConfig.getInitParameter(SSO_COOKIE_NAME);
if (cookieName == null) {
cookieName = DEFAULT_SSO_COOKIE_NAME;
}
Code from WebSSOResource: (where cookie is hardcoded)
private void addJWTHadoopCookie(String original, JWT token) {
log.addingJWTCookie(token.toString());
Cookie c = new Cookie(JWT_COOKIE_NAME, token.toString());
was:
We have the ability to set eh sso.cookie.name in SSOCookieFederationFilter
(which is part of the gateway/provider/federation) but we do not have the
ability to override the sso.cookie.name in WebSSOResource (which is part of
gateway/service/knoxsso)
It would be nice to add the ability to override the cookie name so we can use
specify custom cookie names and also to use different cookie for different
services.
private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
Code from SSOCookieFederation
// configured cookieName
cookieName = filterConfig.getInitParameter(SSO_COOKIE_NAME);
if (cookieName == null) {
cookieName = DEFAULT_SSO_COOKIE_NAME;
}
Code from WebSSOResource: (where cookie is hardcoded)
private void addJWTHadoopCookie(String original, JWT token) {
log.addingJWTCookie(token.toString());
Cookie c = new Cookie(JWT_COOKIE_NAME, token.toString());
> Ability to set Cookie Name in KnoxSSO
> -------------------------------------
>
> Key: KNOX-796
> URL: https://issues.apache.org/jira/browse/KNOX-796
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 0.10.0
> Environment: linux
> Reporter: Mark Caldwell
> Priority: Minor
> Labels: easyfix, security
>
> We have the ability to set the sso.cookie.name in SSOCookieFederationFilter
> (which is part of the gateway/provider/federation) but we do not have the
> ability to override the sso.cookie.name in WebSSOResource (which is part of
> gateway/service/knoxsso)
> It would be nice to add the ability to override the cookie name so we can use
> specify custom cookie names and also to use different cookie for different
> services.
> private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
> Code from SSOCookieFederation
> // configured cookieName
> cookieName = filterConfig.getInitParameter(SSO_COOKIE_NAME);
> if (cookieName == null) {
> cookieName = DEFAULT_SSO_COOKIE_NAME;
> }
> Code from WebSSOResource: (where cookie is hardcoded)
> private void addJWTHadoopCookie(String original, JWT token) {
> log.addingJWTCookie(token.toString());
> Cookie c = new Cookie(JWT_COOKIE_NAME, token.toString());
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
