[jira] [Commented] (KNOX-1741) KnoxSSO to Support IDP Initiated Flow

Sat, 09 Oct 2021 10:43:05 -0700 


    [ 
https://issues.apache.org/jira/browse/KNOX-1741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17426648#comment-17426648
 ] 

Larry McCay commented on KNOX-1741:
-----------------------------------

Due to upcoming release of 1.6.0 and the need for an incompatible change coming 
up for log4j migration, we are moving this out to the 2.0.0 release. As of now, 
1.6.0 will be the last 1.x.x release due to the incompatible change. If there 
is a critical need for this in 1.6.0 please feel free to move the fixVersion 
back to 1.6.0 with a note of justification.

> KnoxSSO to Support IDP Initiated Flow
> -------------------------------------
>
>                 Key: KNOX-1741
>                 URL: https://issues.apache.org/jira/browse/KNOX-1741
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO
>            Reporter: Larry McCay
>            Priority: Major
>             Fix For: 2.0.0
>
>
> Currently, KnoxSSO is constrained to an SP Initiated Flow - meaning, the user 
> must attempt to access a participating application before s/he is redirected 
> to an IdP for authentication.
> This restriction has been problematic for some deployments that have multiple 
> tenants or realms since the participating application has only a single URL 
> to redirect to when authentication is required.
> This JIRA is an umbrella for a few tasks in order to enable the following:
> # A landing page that displays a portal of available Topologies and then 
> services/UIs within each. Need to determine which topologies to inclulde - 
> maybe only those protected by KnoxSSO - which will require some Admin API 
> calls. This will be similar to the Okta portal page with tiles for UIs and 
> Services.
> # KnoxSSO protection of the landing page to insure that the user is logged in
> # A login form that includes username, password and realm - or perhaps a top 
> level page that requires realm only. This can become the URL that 
> participating application redirect the user to when a new authentication is 
> required.
> # Clicking into a Service rather than a UI should result in a REST Client 
> Page where the KnoxSSO token will be presented and results returned in a 
> scrollable textarea or meaningful rendering of JSON in a tree or table.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to