Again, Christopher - I verified with HDP sandbox which is 2.6.5 and am
seeing expected behavior.
SSOCookieProvider is redirecting to KnoxSSO with an originalUrl query param
that reflects the gateway URL for webhdfs.

I don't know why you are seeing the behavior that you are describing.

I am glad that I'm not seeing the issues that you are describing but it is
a bit concerning to me that you are.
Can you reproduce this in other clusters as well?

On Thu, Jul 12, 2018 at 10:57 PM, larry mccay <> wrote:

> Hi Christopher -
> Proxying and SSO together may require a rewrite rule.
> I'll look at what SSO Cookie Provider is doing though.
> I would expect originalUrl to be the gateway url from there.
> Thanks,
> --larry
> On Thu, Jul 12, 2018, 4:17 PM Christopher Jackson <
>> wrote:
>> Hi Folks,
>> I have configured a service to use the SSOCookieProvider (federation
>> role) and am seeing some odd behavior that I didn’t expect. Looking for
>> clarification if this is behaving normally or not.
>> I am making a request to:
>> gateway/default/myservice/myapp/ and am then getting redirected  to
>> login.html?originalUrl= where I am
>> prompted for credentials. I am able to login successfully and then am
>> redirected to the value of the originalUrl query parameter.
>> Essentially what I am seeing is that knox sso is listing the originalUrl
>> as the actual path to the web application instead of the gated value of the
>> web application. For my scenario I would expect that query parameter to
>> contain the value
>> gateway/default/myservice/myapp/
>> Why does knox sso behave in this manner? Is this expected? If so, do I
>> need to write additional rewrite rules for this to behave like I would like?
>> Note: If I call
>> login.html?originalUrl=
>> gateway/default/myservice/myapp/ directly then knox functions as I would
>> expect it to. IE. I can log in and get redirected to my app in the gated
>> path.
>> I am using HDP version with Knox 0.12.0
>> Thanks in advance,
>> Christopher Jackson

Reply via email to