[
https://issues.apache.org/jira/browse/KNOX-640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15051589#comment-15051589
]
Larry McCay commented on KNOX-640:
----------------------------------
I have also decided that we don't need to have configuration for multiple
domain suffixes.
All of the resources need to be used within the same domain as the KnoxSSO
endpoint anyway therefore I don't think it requires many.
If we need to revisit this aspect in the future it can be done in a backward
compatible way.
> Make Cookie Domain Configurable
> -------------------------------
>
> Key: KNOX-640
> URL: https://issues.apache.org/jira/browse/KNOX-640
> Project: Apache Knox
> Issue Type: Sub-task
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 0.7.0, 0.8.0
>
>
> In order to provide sufficient control to the administrator that is setting
> up KnoxSSO, we need to make sure that the cookie domain can be deterministic.
> Current implementation tries to derive the domain from the incoming request
> hostname which ends up being insufficient in certain usecase. OpenStack
> environments for instance use hostnames that are hard to tell apart from
> domains. This causes the domain algorithm to calculate an inappropriate one
> which results in the cookie not being presented to all intended parties.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
