[jira] [Work logged] (KNOX-1191) Implement Azure AD support for Knox SSO

Fri, 22 Feb 2019 11:21:14 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-1191?focusedWorklogId=202811&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-202811
 ]

ASF GitHub Bot logged work on KNOX-1191:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 22/Feb/19 19:20
            Start Date: 22/Feb/19 19:20
    Worklog Time Spent: 10m 
      Work Description: moresandeep commented on pull request #57: KNOX-1191 - 
Azure AD support for KnoxSSO
URL: https://github.com/apache/knox/pull/57#discussion_r259477372
 
 

 ##########
 File path: 
gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/session/KnoxSessionStore.java
 ##########
 @@ -143,6 +162,22 @@ public void set(WebContext context, String key, Object 
value) {
         }
         cookie.setHttpOnly(true);
         cookie.setSecure(ContextHelper.isHttpsOrSecure(context));
+
+        /**
+         *  set the correct path for setting pac4j profile cookie.
+         *  This is because, Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER in 
the path
+         *  indicates callback when ? cannot be used.
+         */
+        if (context.getPath() != null && context.getPath()
+            .contains(Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER)) {
+
+            final String[] parts = ((J2EContext) 
context).getRequest().getRequestURI()
+                .split(
+                    "websso"+ Pac4jDispatcherFilter.URL_PATH_SEPARATOR + 
Pac4jDispatcherFilter.PAC4J_CALLBACK_PARAMETER);
 
 Review comment:
   I didn't like this approach either, the problem here is that the string does 
not end with PAC4J_CALLBACK_PARAMETER, it will end with the name of the client 
which could be just simple OIDC or subclasses of OIDC clients like 
AzureADClient. This is due to he path normalization that Pac4J can do for Azure 
clients.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 202811)
    Time Spent: 1h 10m  (was: 1h)

> Implement Azure AD support for Knox SSO
> ---------------------------------------
>
>                 Key: KNOX-1191
>                 URL: https://issues.apache.org/jira/browse/KNOX-1191
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxSSO
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 1.3.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Due to the way Azure AD mangles the callback URL, Knox
> Pac4jDispatcherFilter has issues intercepting the callback url and the 
> request ends up in a redirect loop.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to