[
https://issues.apache.org/jira/browse/KNOX-2067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Philip Zampino updated KNOX-2067:
---------------------------------
Description:
Currently, the KnoxToken service hands out tokens without any ability to renew
or revoke those tokens. The service should support renewal and revocation
endpoints.
Assuming a topology (token-test) with the KnoxToken service, protected by the
demo LDAP provider:
{noformat}
{
  "name": "KNOXTOKEN",
  "params": {
    "knox.token.ttl": "604800000",
    "knox.token.audiences": "idbroker",
    "knox.token.exp.server-managed": "true",
    "knox.token.exp.renew-interval": "60000",
    "knox.token.renewer.whitelist": "admin"
  }
}
{noformat}
Get a token as has always been done:
curl -ivku guest:guest-password 'https://localhost:8443/gateway/token-test/knoxtoken/api/v1/token'
Renew:
curl -ivku admin:admin-password -X POST -d "$TOKEN" 'https://localhost:8443/gateway/token-test/knoxtoken/api/v1/token/renew'
Cancel:
curl -ivku admin:admin-password -X POST -d "$TOKEN" 'https://localhost:8443/gateway/token-test/knoxtoken/api/v1/token/revoke'
was: Currently, the KnoxToken service hands out tokens without any ability to
renew or revoke those tokens. The service should support renewal and revocation
endpoints.
> KnoxToken service support for renewal and revocation
> ----------------------------------------------------
>
> Key: KNOX-2067
> URL: https://issues.apache.org/jira/browse/KNOX-2067
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.3.0
> Reporter: Philip Zampino
> Assignee: Philip Zampino
> Priority: Major
> Fix For: 1.4.0
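The curl calls in the description use $TOKEN without showing where it comes from. The following is an added example, not part of the issue or of Knox itself: shell helpers that fill that gap and check the token's shape before posting it. The function names are hypothetical, and it is an assumption that the token endpoint returns a JSON object whose "access_token" field holds the JWT.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Knox tooling.
# Assumption: the token response is JSON with an "access_token" field.

GATEWAY='https://localhost:8443/gateway/token-test'   # topology from the description

# Read a token response on stdin and print the access_token value.
# A JWT is base64url characters and dots, so no JSON unescaping is needed.
extract_access_token() {
    tr -d '\n' |
        sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([A-Za-z0-9._-]*\)".*/\1/p'
}

# True only for three dot-separated base64url segments.
is_jwt_shaped() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'
}

# $1 = user:password. -k, as in the description, skips certificate
# verification, which suits only the local demo gateway.
get_token() {
    curl -sku "$1" "$GATEWAY/knoxtoken/api/v1/token" | extract_access_token
}

# $1 = renew|revoke, $2 = renewer user:password, $3 = token.
# --data-raw sends the token verbatim as the POST body.
token_action() {
    case "$1" in
        renew|revoke) ;;
        *) echo "unknown action: $1" >&2; return 2 ;;
    esac
    is_jwt_shaped "$3" || { echo "refusing to send: not JWT-shaped" >&2; return 3; }
    curl -sku "$2" -X POST --data-raw "$3" "$GATEWAY/knoxtoken/api/v1/token/$1"
}

# Constructed sample response (not real gateway output) for offline checks.
SAMPLE_RESPONSE='{"access_token":"aGVhZGVy.cGF5bG9hZA.c2ln","token_type":"Bearer"}'

# Usage against the demo topology:
#   TOKEN=$(get_token guest:guest-password)
#   token_action renew  admin:admin-password "$TOKEN"
#   token_action revoke admin:admin-password "$TOKEN"
```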