[
https://issues.apache.org/jira/browse/KNOX-911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15936792#comment-15936792
]
Jeffrey E Rodriguez edited comment on KNOX-911 at 3/22/17 6:16 PM:
--------------------------------------------------------------------
Ok.
Let me see if I understand. You want the reverse proxy to route access to Knox
instances given the Knox path.
The cookies Knox emits is the Jsession ( or the JWT or SSO cookie or some
special cookies like rememberMe). So each instance may get something like this.
(if gateway path are set gatewat1 and gateway2)
Knox 1
Set-Cookie:
JSESSIONID=3es1chhtbk0413r2wzrmy5vvo;Path=/gateway1/default;Secure;HttpOnly
Knox 2
Set-Cookie:
JSESSIONID=3es1chhtbk0413r2wzrmy5vvo;Path=/gateway2/default;Secure;HttpOnly
So you are setting up the gateway two different gateway paths.
I am still think that that can be set at the reverse proxy . The only
difference is that you need to change the reverse proxy to use the "Path" as
a URI selector. (the Knox instance have different gateway paths)
:-) are we using Knox as reverse proxy?? (as a cascading proxy)
was (Author: jeffreyr97):
Ok.
Let me see if I understand. You want the reverse proxy to route access to Knox
instances given the Knox path.
The cookies Knox emits is the Jsession ( or the JWT or SSO cookie or some
special cookies like rememberMe). So each instance may get something like this.
(if gateway path are set gatewat1 and gateway2)
Knox 1
Set-Cookie:
JSESSIONID=3es1chhtbk0413r2wzrmy5vvo;Path=/gateway1/default;Secure;HttpOnly
Knox 2
Set-Cookie:
JSESSIONID=3es1chhtbk0413r2wzrmy5vvo;Path=/gateway2/default;Secure;HttpOnly
So you are setting up the gateway two different gateway paths.
I am still think that that can be set at the reverse proxy . The only
difference is that you need to change the reverse proxy to use "cookie Path"
as a URI selector.
:-) are we using Knox as reverse proxy?? (as a cascading proxy)
> Ability to scope cookies to a given Path
> ----------------------------------------
>
> Key: KNOX-911
> URL: https://issues.apache.org/jira/browse/KNOX-911
> Project: Apache Knox
> Issue Type: Wish
> Reporter: Attila Kanto
>
> If there are multiple individual Knox instances behind of a reverse proxy,
> then it would be very useful if the Cookies could be scoped to a given Path.
> If a reverse proxy is put at the font of multiple Knox instances then scoping
> the Cookies to domain is not sufficient since the /gateway1/... and
> /gateway2/... cookies will overwrite each other.
> {code}
> +---------------------------------+
> | |
> | Reverse Proxy |
> | |
> +---------------------------------+
> | |
> /gateway1/topology | | /gateway2/topology
> | |
> +----------------------------v----+
> +--v------------------------------+
> | | |
> |
> | Knox 1 (/gateway1/topology) | | Knox 2 (/gateway2/topology)
> |
> | | |
> |
> +---------------------------------+
> +---------------------------------+
> {code}
> Proposal:
> Cookies can be scoped with Set-Cookie: Path=/somepath header field.
> It would be very convenient if this scope path could be set in
> gateway-site.xml and Knox would return it in Set-Cookie header field to
> clients.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
