[
https://issues.apache.org/jira/browse/KNOX-3350?focusedWorklogId=1025241&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1025241
]
ASF GitHub Bot logged work on KNOX-3350:
----------------------------------------
Author: ASF GitHub Bot
Created on: 15/Jun/26 14:58
Start Date: 15/Jun/26 14:58
Worklog Time Spent: 10m
Work Description: lmccay commented on PR #1264:
URL: https://github.com/apache/knox/pull/1264#issuecomment-4709248458
> @lmccay made a point: cookie size can be an issue.
>
> Modern browsers support cookies up to 4K: Which opens the following
question: shall we include groups only, and only if, when the cummulated cookie
size doesn't exceed 4K?
Well, it isn't really clear to me where those groups are even going to be
used and what authorization check will see them.
Are we going to change JWTFederationFilter to extract them from the token
and set them as GroupPrincipals?
Depending on the specific need, we may be able to handle this in another way.
We already have the ability to add a header for groups to a dispatched
request, if this usecase in question here is for a proxied service that wants
to get groups from Knox.
Issue Time Tracking
-------------------
Worklog Id: (was: 1025241)
Time Spent: 1.5h (was: 1h 20m)
> Allow group membership information to be included in issued KNOXSSO cookie
> --------------------------------------------------------------------------
>
> Key: KNOX-3350
> URL: https://issues.apache.org/jira/browse/KNOX-3350
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxSSO
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Sandor Molnar
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> KNOX-2731 added the ability to include group information (if available), in
> the generated JWTs by the {{KNOXTOKEN}} service.
> It'd be beneficial to decorate the `hadoop-jwt` SSO cookie with groups as
> well (in case if's configured).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
