[
https://issues.apache.org/jira/browse/KNOX-795?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15746480#comment-15746480
]
Larry McCay commented on KNOX-795:
----------------------------------
>From duplicate JIRA KNOX-796:
We have the ability to set the sso.cookie.name in SSOCookieFederationFilter
(which is part of the gateway/provider/federation) but we do not have the
ability to override the sso.cookie.name in WebSSOResource (which is part of
gateway/service/knoxsso)
It would be nice to add the ability to override the cookie name so we can use
specify custom cookie names and also to use different cookie for different
services.
private static final String DEFAULT_SSO_COOKIE_NAME = "hadoop-jwt";
Code from SSOCookieFederation
// configured cookieName
cookieName = filterConfig.getInitParameter(SSO_COOKIE_NAME);
if (cookieName == null)
{ cookieName = DEFAULT_SSO_COOKIE_NAME; }
Code from WebSSOResource: (where cookie is hardcoded)
private void addJWTHadoopCookie(String original, JWT token) {
log.addingJWTCookie(token.toString());
Cookie c = new Cookie(JWT_COOKIE_NAME, token.toString());
> Make KnoxSSO Cookie Name Configurable
> -------------------------------------
>
> Key: KNOX-795
> URL: https://issues.apache.org/jira/browse/KNOX-795
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 0.11.0
>
>
> In order to keep an SSO session from one cluster and that of another
> separate. KnoxSSO should support multiple cookie names.
> This will require:
> 1. configurable name in KnoxSSO->websso and webssout with default of
> hadoop-jwt
> 2. participating applications to have it configurable as well
> Note that cookies from other clusters will still be presented to each other
> if they are in the same domain and over ssl. This will just allow the
> participating application to find the cookie intended for its respective
> cluster SSO session.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
