[ 
https://issues.apache.org/jira/browse/KNOX-641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15066210#comment-15066210
 ] 

Jérôme Leleu commented on KNOX-641:
-----------------------------------

Generally, we have two sessions in regular pac4j use cases: the application 
session (for the app in which the pac4j library is integrated) and the identity 
provider session. When the application session expires, the identity provider 
session may still be active. Both are not linked.

For Knox, we have three sessions: the Knox session via its hadoop-jwt cookie, 
the pac4j session via session cookies and the identity provider session.

Currently, pac4j handles the authentication process using session cookies and 
at the end of the process, the authenticated user profile is held in a session 
cookie. Based on that, a Knox session is created. What I proposed was to remove 
the session cookie of pac4j which is somehow temporary as related to the 
authentication process. From there, the Knox session still exists as well as 
the identity provider session. That said, if you close your browser, you remove 
the pac4j cookies.

Will keep things "as is" for the new patch and open the debate on the mailing 
list.


> Support CAS / OAuth / OpenID C / SAML protocols using pac4j
> -----------------------------------------------------------
>
>                 Key: KNOX-641
>                 URL: https://issues.apache.org/jira/browse/KNOX-641
>             Project: Apache Knox
>          Issue Type: New Feature
>            Reporter: Jérôme Leleu
>            Assignee: Jérôme Leleu
>             Fix For: 0.7.0
>
>         Attachments: KNOX-641.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
