[ https://issues.apache.org/jira/browse/KNOX-2970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17777416#comment-17777416 ]

ASF subversion and git services commented on KNOX-2970:
-------------------------------------------------------

Commit fbed6e7cf095f3e5f6328163de15e5925544372d in knox's branch 
refs/heads/master from Sandor Molnar
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=fbed6e7cf ]

KNOX-2970 - Removing KnoxSSO cookie from the token state service upon logout 
(#806)

Additionally, the Token Management UI displays the 'current' KnoxSSO cookie row 
in bold.

> During knox global logout, the corresponding SSO token should be either
> disabled or revoked
> ---------------------------------------------------------------------------------------------
>
>                 Key: KNOX-2970
>                 URL: https://issues.apache.org/jira/browse/KNOX-2970
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxSSO
>    Affects Versions: 2.0.0
>            Reporter: J.Andreina
>            Assignee: Sandor Molnar
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> +*{color:#de350b}PROBLEM STATEMENT:{color}*+
> During knox global logout, the SSO token should be either disabled or removed
> +*BUILDS:*+
> 2.0
>  
> +*STEPS TO REPRODUCE:*+
>  - Enable logout "knox.homepage.logout.enabled", configure
> "knox.global.logout.page.url" to "https://*********";
>  - Access knox home page
>  - Click on global logout
> +*CURRENT BEHAVIOUR:*+
> The session will be removed, and the user, if they need to access the knox home
> page again, should log in again, but the previous SSO token will still be alive
> for the default 1 day, which can cause a security risk
> +*EXPECTED BEHAVIOUR:*+
> During knox global logout, the corresponding SSO token should be either
> disabled or revoked



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
