moresandeep commented on a change in pull request #57: KNOX-1191 - Azure AD
support for KnoxSSO
URL: https://github.com/apache/knox/pull/57#discussion_r259477372
##########
File path:
gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
##########
@@ -143,6 +162,22 @@ public void set(WebContext context, String key, Object
value) {
}
cookie.setHttpOnly(true);
cookie.setSecure(ContextHelper.isHttpsOrSecure(context));
+
+ /**
+ * set the correct path for setting pac4j profile cookie.
+ * This is because, Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER in
the path
+ * indicates callback when ? cannot be used.
+ */
+ if (context.getPath() != null && context.getPath()
+ .contains(Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER)) {
+
+ final String[] parts = ((J2EContext)
context).getRequest().getRequestURI()
+ .split(
+ "websso"+ Pac4jDispatcherFilter.URL_PATH_SEPARATOR +
Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER);
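Review bot: The guard and the split look at different strings: the `if` tests `context.getPath()` with `contains(...)`, which matches the callback parameter anywhere in the path, while the split runs on `getRequest().getRequestURI()` with a hard-coded "websso" literal. Since the result feeds the path of the pac4j profile cookie, I would derive it from one source and verify that the expected segment was actually found before `parts` is used. Note also that `String.split` treats its argument as a regular expression, so the concatenated separator should go through `Pattern.quote(...)`, or be replaced by an `indexOf`/`substring` on the same string. The cast `(J2EContext) context` is unchecked for a parameter typed as `WebContext`, so an `instanceof` test is needed first. Finally, "websso" would be better as a named constant next to `URL_PATH_SEPARATOR`, and the Javadoc-style comment could state what the resulting cookie path is meant to be.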
Review comment:
I didn't like this approach either; the problem here is that the string does
not end with PAC4J_CALLBACK_PARAMETER, it will end with the name of the client,
which could be just simple OIDC or subclasses of OIDC clients like
AzureADClient. This is due to the path normalization that Pac4J can do for Azure
clients.