[jira] [Commented] (KNOX-911) Ability to scope cookies to a given Path

Wed, 22 Mar 2017 05:58:20 -0700 

    [ 
https://issues.apache.org/jira/browse/KNOX-911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15936249#comment-15936249
 ] 

Larry McCay commented on KNOX-911:
----------------------------------

Hi [~akanto] - thanks for the JIRA.
I need to better understand this scenario a bit.

In my mind, the cookies shouldn't be overwritten by each other.
In fact, I would imagine that we would need to make sure that they are 
verifiable by each other so that SSO is valid across the multiple Knox 
instances. This is possible by making sure the signing key material is the same 
across all instances.

If you differentiate the cookies based on path then I think you will need to 
authenticate to each instance separately.

What am I missing?


> Ability to scope cookies to a given Path
> ----------------------------------------
>
>                 Key: KNOX-911
>                 URL: https://issues.apache.org/jira/browse/KNOX-911
>             Project: Apache Knox
>          Issue Type: Wish
>            Reporter: Attila Kanto
>
> If there are multiple individual Knox instances behind of a reverse proxy, 
> then it would be very useful if the Cookies could be scoped to a given Path.
> If a reverse proxy is put at the font of multiple Knox instances then scoping 
> the Cookies to domain is not sufficient since the /gateway1/... and 
> /gateway2/... cookies will overwrite each other.
> {code}
>                           +---------------------------------+
>                           |                                 |
>                           |        Reverse Proxy            |
>                           |                                 |
>                           +---------------------------------+
>                                   |            |
>                /gateway1/topology |            | /gateway2/topology
>                                   |            |
>      +----------------------------v----+    
> +--v------------------------------+
>      |                                 |    |                                 
> |
>      |  Knox 1 (/gateway1/topology)    |    |  Knox 2 (/gateway2/topology)    
> |
>      |                                 |    |                                 
> |
>      +---------------------------------+    
> +---------------------------------+
> {code}
> Proposal:
> Cookies can be scoped with  Set-Cookie: Path=/somepath header field. 
> It would be very convenient if this scope path could be set in 
> gateway-site.xml and Knox would return it in Set-Cookie header field to 
> clients.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to