[GitHub] [knox] pzampino commented on a diff in pull request #714: KNOX-2862 - Setup idle timeout for SSO cookie to 15 minutes

2023-01-17 Thread GitBox


pzampino commented on code in PR #714:
URL: https://github.com/apache/knox/pull/714#discussion_r1072665671


##
gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java:
##
@@ -95,7 +95,7 @@ public class WebSSOResource {
   private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
   private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
   private static final String SSO_COOKIE_SAMESITE_DEFAULT = "Strict";
-  private static final long TOKEN_TTL_DEFAULT = 3L;
+  private static final long TOKEN_TTL_DEFAULT = 15000 * 60;
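Review bot: the new default `15000 * 60` hides the unit it is meant to express; since the PR title says 15 minutes, write the intent explicitly, e.g. `TimeUnit.MINUTES.toMillis(15)` or `15L * 60 * 1000` with a comment stating that TOKEN_TTL_DEFAULT is in milliseconds, so the 15-minute value is readable without doing the arithmetic.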

Review Comment:
   This does seem to be a more reasonable default, so let's make this change.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[GitHub] [knox] pzampino commented on a diff in pull request #714: KNOX-2862 - Setup idle timeout for SSO cookie to 15 minutes

2023-01-09 Thread GitBox


pzampino commented on code in PR #714:
URL: https://github.com/apache/knox/pull/714#discussion_r1065015897


##
gateway-service-knoxsso/src/main/java/org/apache/knox/gateway/service/knoxsso/WebSSOResource.java:
##
@@ -95,7 +95,7 @@ public class WebSSOResource {
   private static final String ORIGINAL_URL_COOKIE_NAME = "original-url";
   private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
   private static final String SSO_COOKIE_SAMESITE_DEFAULT = "Strict";
-  private static final long TOKEN_TTL_DEFAULT = 3L;
+  private static final long TOKEN_TTL_DEFAULT = 15000 * 60;
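Review bot: the replaced value `3L` and the new `15000 * 60` (900000) differ by several orders of magnitude, which suggests the unit of TOKEN_TTL_DEFAULT changed rather than just its size; confirm that every code path falling back to this constant interprets it in milliseconds. Also note the new expression is plain int arithmetic that is widened to long only on assignment; 900000 fits in an int so this is safe here, but `15L * 60 * 1000` avoids relying on that.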

Review Comment:
   Does the default value have to be FedRAMP-compliant? I would expect admins deploying Knox for FedRAMP-compliant applications would configure the TTL explicitly to adhere to those requirements.


