[
https://issues.apache.org/jira/browse/KNOX-1934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16914099#comment-16914099
]
Sandor Molnar edited comment on KNOX-1934 at 8/23/19 3:39 PM:
--------------------------------------------------------------
[~krisden],
as of now the default value of {{knoxsso.cookie.secure.only}} is set to
{{true}} regardless of the value of {{ssl.enabled}} (which we do not set in the
{{gateway-site.xml}} that comes OOTB, but it also defaults to {{true}}).
What if we changed the _default_ value for {{knoxsso.cookie.secure.only}} to
match {{ssl.enabled}} (only the _default_ would be changed; if the end-user set
it to {{true}}/{{false}} that would be honored)?
The following work should be done:
* removing {{knoxsso.cookie.secure.only}} flag from
{{gateway-release/home/conf/topologies/knoxsso.xml}} (since {{ssl.enabled}}
defaults to {{true}} the current behavior would not be changing)
* making the relevant change in
{{org.apache.knox.gateway.service.knoxsso.WebSSOResource.handleCookieSetup()}}
* writing unit tests
* updating the user guide (I'll file a separate JIRA if we agree)
Any objection?
> Setting value of knoxsso.cookie.secure.only based on ssl.enabled in
> gateway.site
> --------------------------------------------------------------------------------
>
> Key: KNOX-1934
> URL: https://issues.apache.org/jira/browse/KNOX-1934
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxSSO, Server
> Reporter: Abhishek Shukla
> Assignee: Sandor Molnar
> Priority: Minor
> Fix For: 1.4.0
>
>
> Currently, knoxsso.cookie.secure.only is set to true always in knoxsso
> topology, since Knox Gateway is always deployed in SSL enabled mode.
> But if deployment is done with ssl.disabled=true mode, then we can access the
> ADMIN UI only after setting the value for knoxsso.cookie.secure.only = false
> manually.
>
> It will be good to set the knoxsso.cookie.secure.only flag based on
> ssl.disabled flag present in gateway-site configs.
>
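The defaulting rule proposed in the comment above (an explicit topology value is honored, otherwise the value follows ssl.enabled), as an added Java example that is not part of the original message and is not Apache Knox code. The class and method names, the cookie name, the token and the cookie attributes other than Secure are hypothetical.

```java
import java.util.Optional;

// Added illustration, not Apache Knox source. All names here are hypothetical.
public class SecureOnlyDefault {

    // An explicit topology value wins; when it is absent, fall back to ssl.enabled.
    static boolean resolveSecureOnly(String topologyValue, boolean sslEnabled) {
        return Optional.ofNullable(topologyValue)
                .map(String::trim)
                .filter(v -> !v.isEmpty())
                .map(Boolean::parseBoolean)
                .orElse(sslEnabled);
    }

    // Build the Set-Cookie header value an SSO endpoint would emit (assumed attributes).
    static String setCookieHeader(String name, String token, boolean secureOnly) {
        StringBuilder sb = new StringBuilder(name).append('=').append(token)
                .append("; Path=/; HttpOnly");
        if (secureOnly) {
            sb.append("; Secure");
        }
        return sb.toString();
    }

    // Classify the combination so a config review can spot the two mismatched cases.
    static String assess(boolean secureOnly, boolean sslEnabled) {
        if (secureOnly && !sslEnabled) {
            return "BROKEN: browser never returns a Secure cookie over plain HTTP";
        }
        if (!secureOnly && sslEnabled) {
            return "WEAK: token cookie may also be sent over plain HTTP";
        }
        return sslEnabled ? "OK" : "OK for an HTTP-only deployment (token travels in clear text)";
    }

    public static void main(String[] args) {
        String[] topologyValues = {null, "true", "false"}; // constructed sample inputs
        for (boolean ssl : new boolean[] {true, false}) {
            for (String tv : topologyValues) {
                boolean secure = resolveSecureOnly(tv, ssl);
                System.out.printf("ssl.enabled=%-5s secure.only=%-5s -> %s | %s%n",
                        ssl, tv == null ? "unset" : tv,
                        setCookieHeader("sso-cookie", "TOKEN", secure), assess(secure, ssl));
            }
        }
    }
}
```

With the value unset, both ssl.enabled settings resolve to a consistent cookie; the BROKEN and WEAK rows appear only when an explicit value contradicts ssl.enabled, which is the manual override the proposal keeps honoring.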