Again, Christopher - I verified with HDP sandbox which is 2.6.5 and am
seeing expected behavior.
SSOCookieProvider is redirecting to KnoxSSO with an originalUrl query param
that reflects the gateway URL for webhdfs.

I don't know why you are seeing the behavior that you are describing.

I am glad that I'm not seeing the issues that you are describing but it is
a bit concerning to me that you are.
Can you reproduce this in other clusters as well?

On Thu, Jul 12, 2018 at 10:57 PM, larry mccay <lmc...@apache.org> wrote:

> Hi Christopher -
>
> Proxying and SSO together may require a rewrite rule.
> I'll look at what SSO Cookie Provider is doing though.
> I would expect originalUrl to be the gateway url from there.
>
> Thanks,
>
> --larry
>
> On Thu, Jul 12, 2018, 4:17 PM Christopher Jackson <
> jackson.christopher....@gmail.com> wrote:
>
>> Hi Folks,
>>
>> I have configured a service to use the SSOCookieProvider (federation
>> role) and am seeing some odd behavior that I didn’t expect. Looking for
>> clarification if this is behaving normally or not.
>>
>> I am making a request to: https://host.example.com:8443/
>> gateway/default/myservice/myapp/ and am then getting redirected  to
>> https://host.example.com:8443/gateway/knoxsso/knoxauth/
>> login.html?originalUrl=https://host.example.com:9443/myapp/ where I am
>> prompted for credentials. I am able to login successfully and then am
>> redirected to the value of the originalUrl query parameter.
>>
>> Essentially what I am seeing is that knox sso is listing the originalUrl
>> as the actual path to the web application instead of the gated value of the
>> web application. For my scenario I would expect that query parameter to
>> contain the value https://host.example.com:8443/
>> gateway/default/myservice/myapp/
>>
>> Why does knox sso behave in this manner? Is this expected? If so, do I
>> need to write additional rewrite rules for this to behave like I would like?
>>
>> Note: If I call https://host.example.com:8443/gateway/knoxsso/knoxauth/
>> login.html?originalUrl=https://host.example.com:8443/
>> gateway/default/myservice/myapp/ directly then knox functions as I would
>> expect it to. IE. I can log in and get redirected to my app in the gated
>> path.
>>
>> I am using HDP version 2.6.2.0 with Knox 0.12.0
>>
>> Thanks in advance,
>>
>> Christopher Jackson
>
>

Reply via email to