[
https://issues.apache.org/jira/browse/KNOX-1210?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandeep More updated KNOX-1210:
-------------------------------
Status: Patch Available (was: Open)
> SSOCookieProvider should detect expired SSO token
> -------------------------------------------------
>
> Key: KNOX-1210
> URL: https://issues.apache.org/jira/browse/KNOX-1210
> Project: Apache Knox
> Issue Type: Bug
> Components: KnoxSSO
> Affects Versions: 0.14.0
> Reporter: Jeff Storck
> Assignee: Sandeep More
> Priority: Major
> Attachments: KNOX-1210.001.patch
>
>
> While proxying a UI that makes XHR (XMLHttpRequest) calls through Knox, if
> the SSO token expires, that request through Knox will be redirected to the
> KnoxSSO login page, which will be the response to the request itself. The UI
> that receives this response will attempt to parse it and fail, since it is
> not the expected response; it is the KnoxSSO login page itself.
> When a request is made with a {code}X-Requested-With{code} header set to
> {code}XMLHttpRequest{code} the SSOCookieProvider should check for SSO token
> expiry. If the token has not expired, the request should continue through to
> the proxied resource. If the token has expired, rather than redirecting to
> the KnoxSSO login page, a
> {code}401 Unauthorized{code} response should be returned.
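The behaviour the issue asks for, sketched as an added example (this is not the KNOX-1210 patch and not Knox code): a plain-JDK decision function that picks between continuing, `401 Unauthorized` and the login redirect. The class, enum and method names are hypothetical; the sketch assumes the expiry was read from a token whose signature has already been verified, and that non-XHR requests keep the existing redirect.

```java
import java.time.Instant;
import java.util.Map;
import java.util.TreeMap;

public class XhrExpiryDemo {
    enum Action { CONTINUE, UNAUTHORIZED_401, REDIRECT_TO_LOGIN }

    // Assumption: tokenExpiry comes from a token whose signature was already verified.
    static Action decide(Map<String, String> headers, Instant tokenExpiry, Instant now) {
        if (now.isBefore(tokenExpiry)) {
            return Action.CONTINUE;          // token still valid: proxy the request
        }
        // X-Requested-With is set by the client, so it only selects the shape of the
        // failure response. It must never influence whether access is granted.
        String xrw = headers.get("X-Requested-With");
        if (xrw != null && xrw.trim().equalsIgnoreCase("XMLHttpRequest")) {
            return Action.UNAUTHORIZED_401;  // script caller gets a status it can act on
        }
        return Action.REDIRECT_TO_LOGIN;     // page navigation keeps the login redirect
    }

    // HTTP header names are case-insensitive, so the sample maps are as well.
    static Map<String, String> headers(String... kv) {
        Map<String, String> m = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (int i = 0; i + 1 < kv.length; i += 2) {
            m.put(kv[i], kv[i + 1]);
        }
        return m;
    }

    public static void main(String[] args) {
        // Constructed sample clock, expiries and headers.
        Instant now = Instant.parse("2018-03-01T12:00:00Z");
        Instant live = now.plusSeconds(600);
        Instant expired = now.minusSeconds(1);
        Map<String, String> xhr = headers("x-requested-with", "XMLHttpRequest");
        Map<String, String> nav = headers("Accept", "text/html");

        System.out.println("XHR, live token    -> " + decide(xhr, live, now));
        System.out.println("XHR, expired token -> " + decide(xhr, expired, now));
        System.out.println("nav, expired token -> " + decide(nav, expired, now));
        System.out.println("XHR, expiry == now -> " + decide(xhr, now, now));
    }
}
```

A token whose expiry equals the current instant is treated as expired here, which is the conservative choice for a boundary the issue does not specify.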