[jira] [Comment Edited] (KNOX-1934) Setting value of knoxsso.cookie.secure.only based on ssl.enabled in gateway.site

Fri, 23 Aug 2019 11:06:08 -0700 


    [ 
https://issues.apache.org/jira/browse/KNOX-1934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16914522#comment-16914522
 ] 

Kevin Risden edited comment on KNOX-1934 at 8/23/19 6:05 PM:
-------------------------------------------------------------

[~smolnar] - The approach looks good. The only minor change would be to comment 
out the "knoxsso.cookie.secure.only" section instead of removing it completely.

There are SOME cases where you want to have Knox TLS but then have KnoxSSO not 
have a secure cookie. The case this happens is when the service using KnoxSSO 
is not TLS enabled and then can't read the cookie. So commenting out in the 
knoxsso.xml topology with a comment would probably be helpful.


was (Author: risdenk):
[~smolnar] - The approach looks good. The only minor change would be to comment 
out the "knoxsso.cookie.secure.only" section.

There are SOME cases where you want to have Knox TLS but then have KnoxSSO not 
have a secure cookie. The case this happens is when the service using KnoxSSO 
is not TLS enabled and then can't read the cookie. So commenting out in the 
knoxsso.xml topology with a comment would probably be helpful.

> Setting value of knoxsso.cookie.secure.only based on ssl.enabled in 
> gateway.site
> --------------------------------------------------------------------------------
>
>                 Key: KNOX-1934
>                 URL: https://issues.apache.org/jira/browse/KNOX-1934
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO, Server
>            Reporter: Abhishek Shukla
>            Assignee: Sandor Molnar
>            Priority: Minor
>             Fix For: 1.4.0
>
>
> Currently, knoxsso.cookie.secure.only is set to true always in knoxsso 
> topology, since Knox Gateway is always deployed in SSL enabled mode.
> But if deployment is done with ssl.disabled=true mode, then we can access the 
> ADMIN UI only after setting the value for knoxsso.cookie.secure.only = false 
> manually.
>  
> It will be good to set the knoxsso.cookie.secure.only flag based on 
> ssl.disabled flag present in gateway-site configs.
>  



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Reply via email to