[jira] [Work logged] (KNOX-2679) Trim Pac4j entitlements to avoid cookie too large issue.

Tue, 12 Oct 2021 06:26:07 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2679?focusedWorklogId=664059&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-664059
 ]

ASF GitHub Bot logged work on KNOX-2679:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 12/Oct/21 13:25
            Start Date: 12/Oct/21 13:25
    Worklog Time Spent: 10m 
      Work Description: moresandeep commented on a change in pull request #509:
URL: https://github.com/apache/knox/pull/509#discussion_r727135022



##########
File path: 
gateway-provider-security-pac4j/src/main/java/org/apache/knox/gateway/pac4j/filter/Pac4jDispatcherFilter.java
##########
@@ -187,6 +200,27 @@ public void init( FilterConfig filterConfig ) throws 
ServletException {
 
       clientName = CommonHelper.isBlank(clientNameParameter) ? 
clients.get(0).getName() : clientNameParameter;
 
+      /* do we need to exclude groups? */
+      if (filterConfig.getInitParameter(PAC4J_SESSION_STORE_EXCLUDE_GROUPS) == 
null) {

Review comment:
       Thanks @smolnar82 this is much better!




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 664059)
    Time Spent: 1h  (was: 50m)

> Trim Pac4j entitlements to avoid cookie too large issue.
> --------------------------------------------------------
>
>                 Key: KNOX-2679
>                 URL: https://issues.apache.org/jira/browse/KNOX-2679
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Currently with KnoxSSO if the user is part of too many groups SAML assertions 
> that we get back from IdP is huge. This cause hadoop-jwt cookie to not set 
> throwing the SSO in a loop.
> Knox does not need groups, groups in knox are figured out based on the 
> hadoop-user-group lookup. We should be able to filter out groups from the 
> SAML assertion.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to