DIPAYAN BHOWMICK commented on KNOX-1355:

I did some digging around the knox code and its integration with pac4j, I found 
that the DefaultCallbackStrategy was not overloaded for this scenario to work. 
The defaultCallbackStrategy will work if knox is used as a gateway. I was able 
to fix the redirection issue by patching the code.
Patch is attached.

> Knox not honoring originalUrl when pac4j federation is used
> -----------------------------------------------------------
>                 Key: KNOX-1355
>                 URL: https://issues.apache.org/jira/browse/KNOX-1355
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxSSO
>            Reporter: DIPAYAN BHOWMICK
>            Priority: Major
>             Fix For: 1.1.0
>         Attachments: knox_fix_for_dp_keycloak.patch, knoxsso.xml, 
> sequence_diagram.txt
> I wanted to integrate Keycloak as the IdP provider for Knox using the pack4j 
> federation in Dataplane. This is for an SSO scenario and not Knox Gateway 
> proxy. So, requested to 
> gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane.
> After, the redirection happens to Keycloak and successful authentication knox 
> rather than returning to the requested original URL, it is redirecting to the 
> original requestedURL (ie. 
> gateway/knoxsso/api/v1/websso?originalUrl=https://dataplane)
> The complete Sequence diagram is attached. [^sequence_diagram.txt]
> Also, knoxsso.xml is attached as an example. [^knoxsso.xml]

This message was sent by Atlassian JIRA

Reply via email to