Hi Christopher - Proxying and SSO together may require a rewrite rule. I'll look at what SSO Cookie Provider is doing though. I would expect originalUrl to be the gateway url from there.
Thanks, --larry On Thu, Jul 12, 2018, 4:17 PM Christopher Jackson < jackson.christopher....@gmail.com> wrote: > Hi Folks, > > I have configured a service to use the SSOCookieProvider (federation role) > and am seeing some odd behavior that I didn’t expect. Looking for > clarification if this is behaving normally or not. > > I am making a request to: > https://host.example.com:8443/gateway/default/myservice/myapp/ and am > then getting redirected to > https://host.example.com:8443/gateway/knoxsso/knoxauth/login.html?originalUrl=https://host.example.com:9443/myapp/ > where I am prompted for credentials. I am able to login successfully and > then am redirected to the value of the originalUrl query parameter. > > Essentially what I am seeing is that knox sso is listing the originalUrl > as the actual path to the web application instead of the gated value of the > web application. For my scenario I would expect that query parameter to > contain the value > https://host.example.com:8443/gateway/default/myservice/myapp/ > > Why does knox sso behave in this manner? Is this expected? If so, do I > need to write additional rewrite rules for this to behave like I would like? > > Note: If I call > https://host.example.com:8443/gateway/knoxsso/knoxauth/login.html?originalUrl=https://host.example.com:8443/gateway/default/myservice/myapp/ > directly then knox functions as I would expect it to. IE. I can log in and > get redirected to my app in the gated path. > > I am using HDP version 2.6.2.0 with Knox 0.12.0 > > Thanks in advance, > > Christopher Jackson