[ https://issues.apache.org/jira/browse/KNOX-2655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay updated KNOX-2655:
------------------------------
Fix Version/s: 1.6.0 (was: 2.0.0)
> Disallow Userinfo in KnoxSSO originalURL Query Param
> ----------------------------------------------------
>
> Key: KNOX-2655
> URL: https://issues.apache.org/jira/browse/KNOX-2655
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxSSO
> Reporter: Larry McCay
> Priority: Major
> Fix For: 1.6.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> There is no valid reason that I can think of to allow userinfo in a URL for
> an application/UI that is participating in KnoxSSO. The userinfo is used to
> log in to hosts/pages that are protected by HTTP Basic. This is contradictory
> to the use of KnoxSSO to begin with and complicates the regex pattern
> required to indicate those URLs that are allowed for redirect and/or dispatch.
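The point about userinfo complicating the redirect whitelist pattern, as an added Python example (not Knox code and not part of the original message): a pattern that is sound when the authority is only `host[:port]` gives a different answer than the URL parser once userinfo is permitted, and rejecting userinfo before matching removes that case. The pattern, the function names and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical redirect whitelist, constructed for this example. It is correct
# when the authority is only host[:port], which is what its author assumed.
WHITELIST = re.compile(r"https://app\.example\.com(?:[:/].*)?")


def regex_only(url: str) -> bool:
    """Whitelist decision made on the raw string alone."""
    return WHITELIST.fullmatch(url) is not None


def has_userinfo(url: str) -> bool:
    """True if the authority carries a userinfo part (anything before '@').

    Checking for '@' in the authority also catches an empty userinfo such as
    'https://@host/', where username is '' rather than None.
    """
    return "@" in urlsplit(url).netloc


def is_allowed_original_url(url: str) -> bool:
    """Reject userinfo first, then apply the whitelist pattern."""
    if has_userinfo(url):
        return False
    return regex_only(url)


# Constructed sample values; none are taken from the issue.
SAMPLES = [
    "https://app.example.com/ui",
    "https://app.example.com:8443/ui",
    "https://user:pw@app.example.com/ui",
    "https://app.example.com:pw@other.test/ui",
]

if __name__ == "__main__":
    for url in SAMPLES:
        host = urlsplit(url).hostname
        print(f"{url!s:45} host={host!s:16} "
              f"regex_only={regex_only(url)!s:5} "
              f"with_userinfo_check={is_allowed_original_url(url)}")
```

For the last sample the raw-string match succeeds while the parsed host is `other.test`; with the userinfo check in place the pattern only ever has to describe `host[:port]`.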