[
https://issues.apache.org/jira/browse/KNOX-2383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar updated KNOX-2383:
--------------------------------
Description:
*Steps to reproduce*
# have a topology with JWT federation provider (let's call it {{tokenbased)}}
and add a valid HDFS UI service in there (the service itself does not really
matter, it's just the fastest way in my environment to reproduce the issue).
It's important that you make sure {{knox.token.exp.server-managed}} is set to
{{true}} for the {{JWT federation provider}}.
# get a Knox delegation token using the {{KNOXTOKEN}} service. It's important
that you make sure {{knox.token.exp.server-managed}} is set to {{true}} for the
{{KNOXTOKEN}} service.
# right after the previous call, try to hit the HDFS UI via the previously
created {{tokenbased}} topology
*Current results*
The last action fails as the JWT provider receives the following error:
{code:java}
HTTP ERROR 400 Bad request: token has expired {code}
*Expected results*
HDFS UI should have been displayed w/o any issue.
was:
*Steps to reproduce*
# have a topology with JWT federation provider (let's call it {{tokenbased)}}
and add a valid HDFS UI service in there (the service itself does not really
matter, it's just the fastest way in my environment to reproduce the issue)
# get a Knox delegation token using the {{KNOXTOKEN}} service. It's important
that you make sure {{knox.token.exp.server-managed}} is set to {{true}} for the
{{KNOXTOKEN}} service.
# right after the previous call, try to hit the HDFS UI via the previously
created {{tokenbased}} topology
*Current results*
The last action fails as the JWT provider receives the following error:
{code:java}
HTTP ERROR 400 Bad request: token has expired {code}
*Expected results*
HDFS UI should have been displayed w/o any issue.
> Knox token is expired upon immediate token request after creation
> -----------------------------------------------------------------
>
> Key: KNOX-2383
> URL: https://issues.apache.org/jira/browse/KNOX-2383
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.5.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Labels: TokenAuth, token
> Fix For: 1.5.0
>
>
> *Steps to reproduce*
> # have a topology with JWT federation provider (let's call it
> {{tokenbased)}} and add a valid HDFS UI service in there (the service itself
> does not really matter, it's just the fastest way in my environment to
> reproduce the issue). It's important that you make sure
> {{knox.token.exp.server-managed}} is set to {{true}} for the {{JWT federation
> provider}}.
> # get a Knox delegation token using the {{KNOXTOKEN}} service. It's
> important that you make sure {{knox.token.exp.server-managed}} is set to
> {{true}} for the {{KNOXTOKEN}} service.
> # right after the previous call, try to hit the HDFS UI via the previously
> created {{tokenbased}} topology
> *Current results*
> The last action fails as the JWT provider receives the following error:
> {code:java}
> HTTP ERROR 400 Bad request: token has expired {code}
> *Expected results*
> HDFS UI should have been displayed w/o any issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
