Again, Christopher - I verified with HDP sandbox which is 2.6.5 and am seeing expected behavior. SSOCookieProvider is redirecting to KnoxSSO with an originalUrl query param that reflects the gateway URL for webhdfs.
I don't know why you are seeing the behavior that you are describing. I am glad that I'm not seeing the issues that you are describing but it is a bit concerning to me that you are. Can you reproduce this in other clusters as well? On Thu, Jul 12, 2018 at 10:57 PM, larry mccay <lmc...@apache.org> wrote: > Hi Christopher - > > Proxying and SSO together may require a rewrite rule. > I'll look at what SSO Cookie Provider is doing though. > I would expect originalUrl to be the gateway url from there. > > Thanks, > > --larry > > On Thu, Jul 12, 2018, 4:17 PM Christopher Jackson < > jackson.christopher....@gmail.com> wrote: > >> Hi Folks, >> >> I have configured a service to use the SSOCookieProvider (federation >> role) and am seeing some odd behavior that I didn’t expect. Looking for >> clarification if this is behaving normally or not. >> >> I am making a request to: https://host.example.com:8443/ >> gateway/default/myservice/myapp/ and am then getting redirected to >> https://host.example.com:8443/gateway/knoxsso/knoxauth/ >> login.html?originalUrl=https://host.example.com:9443/myapp/ where I am >> prompted for credentials. I am able to login successfully and then am >> redirected to the value of the originalUrl query parameter. >> >> Essentially what I am seeing is that knox sso is listing the originalUrl >> as the actual path to the web application instead of the gated value of the >> web application. For my scenario I would expect that query parameter to >> contain the value https://host.example.com:8443/ >> gateway/default/myservice/myapp/ >> >> Why does knox sso behave in this manner? Is this expected? If so, do I >> need to write additional rewrite rules for this to behave like I would like? >> >> Note: If I call https://host.example.com:8443/gateway/knoxsso/knoxauth/ >> login.html?originalUrl=https://host.example.com:8443/ >> gateway/default/myservice/myapp/ directly then knox functions as I would >> expect it to. IE. I can log in and get redirected to my app in the gated >> path. >> >> I am using HDP version 220.127.116.11 with Knox 0.12.0 >> >> Thanks in advance, >> >> Christopher Jackson > >