Sandeep More created KNOX-3186:
----------------------------------
Summary: SSOCookieProvider does not work with istio external
authorizer
Key: KNOX-3186
URL: https://issues.apache.org/jira/browse/KNOX-3186
Project: Apache Knox
Issue Type: Bug
Reporter: Sandeep More
Assignee: Sandeep MoreSSOCookieProvider does not work in it's current form with istio external authorizer * The reason SSOCookieProvider does not work in its current form is because of the way istio external authorizer forwards the request. * Say we a request comes to the endpoint [https://www.local.com:8443/knox/] protected by istio external authorizer. * It is intercepted by istio and forwarded to [http://www.local.com:8443/gateway/sandbox/auth/api/v1/extauthz/knox/|http://www.local.com:8443/gateway/knox-test-cdpauth/auth/api/v1/extauthz/knox/] * Sandbox topology kicks off SSO flow [https://www.local.com:8443/gateway/knoxsso/api/v1/websso?originalUrl=http://www.local.com:8443/gateway/sandbox/auth/api/v1/extauthz/knox/|https://www.local.com:8443/gateway/knox-test-samlsso/api/v1/websso?originalUrl=http://www.local.com:8443/gateway/knox-test-cdpauth/auth/api/v1/extauthz/knox/], notice the originalURL it is not [https://www.local.com:8443/knox/] but [http://www.local.com:8443/gateway/sandbox/auth/api/v1/extauthz/knox/|http://www.local.com:8443/gateway/knox-test-cdpauth/auth/api/v1/extauthz/knox/] After successful SSO the request ends up at [http://www.local.com:8443/gateway/sandbox/auth/api/v1/extauthz/knox/|http://www.local.com:8443/gateway/knox-test-cdpauth/auth/api/v1/extauthz/knox/] which is not where we want it to go. -- This message was sent by Atlassian Jira (v8.20.10#820010)
