[
https://issues.apache.org/jira/browse/KNOX-3186?focusedWorklogId=981946&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-981946
]
ASF GitHub Bot logged work on KNOX-3186:
----------------------------------------
Author: ASF GitHub Bot
Created on: 05/Sep/25 01:56
Start Date: 05/Sep/25 01:56
Worklog Time Spent: 10m
Work Description: moresandeep opened a new pull request, #1081:
URL: https://github.com/apache/knox/pull/1081
## What changes were proposed in this pull request?
This PR adds support for extracting the original URL from HTTP request
headers in the SSOCookieFederationFilter, used by isto external auth
configuration where the original client URL information may be lost or modified
during request forwarding.
<section id="markdown-section-989dc13a-8978-4832-ad8b-5ee08d8804b0-9"
class="markdown-section " data-markdown-raw="
### New Configuration Parameters" data-section-index="9"
style="scrollbar-color: var(--vscode-scrollbarSlider-background,#424242)
var(--vscode-editor-background,#1e1e1e); border-radius: 4px; line-height:
19.5px; margin: 6px 0px; position: relative; scroll-margin-bottom: 40px;
scroll-margin-top: 40px; color: rgb(243, 243, 243); font-family: -apple-system,
"system-ui", sans-serif; font-size: 13px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;
letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px;
text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width:
0px; white-space: normal; background-color: rgb(20, 20, 20);
text-decoration-thickness: initial; text-decoration-style: initial;
text-decoration-color: initial;"><h3 style="scrollbar-color:
var(--vscode-scrollbarSlider-background,#424242)
var(--vscode-editor-background,#1e1e1e); font-weight: 600 !important;
font-size: 1.15em; line-height: 1.25; margin-bottom: 8px; margin-top:
18px;"><span style="scrollbar-color:
var(--vscode-scrollbarSlider-background,#424242)
var(--vscode-editor-background,#1e1e1e);">New Configuration
Parameters</span></h3></section>
Parameter | Default | Description
Issue Time Tracking
-------------------
Worklog Id: (was: 981946)
Remaining Estimate: 0h
Time Spent: 10m
> SSOCookieProvider does not work with istio external authorizer
> --------------------------------------------------------------
>
> Key: KNOX-3186
> URL: https://issues.apache.org/jira/browse/KNOX-3186
> Project: Apache Knox
> Issue Type: Bug
> Reporter: Sandeep More
> Assignee: Sandeep More
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> SSOCookieProvider does not work in it's current form with istio external
> authorizer
> * The reason SSOCookieProvider does not work in its current form is because
> of the way istio external authorizer forwards the request.
> * Say we a request comes to the endpoint [https://www.local.com:8443/knox/]
> protected by istio external authorizer.
> * It is intercepted by istio and forwarded to
> [http://www.local.com:8443/gateway/sandbox/auth/api/v1/extauthz/knox/|http://www.local.com:8443/gateway/knox-test-cdpauth/auth/api/v1/extauthz/knox/]
> * Sandbox topology kicks off SSO flow
> [https://www.local.com:8443/gateway/knoxsso/api/v1/websso?originalUrl=http://www.local.com:8443/gateway/sandbox/auth/api/v1/extauthz/knox/|https://www.local.com:8443/gateway/knox-test-samlsso/api/v1/websso?originalUrl=http://www.local.com:8443/gateway/knox-test-cdpauth/auth/api/v1/extauthz/knox/],
> notice the originalURL it is not [https://www.local.com:8443/knox/] but
> [http://www.local.com:8443/gateway/sandbox/auth/api/v1/extauthz/knox/|http://www.local.com:8443/gateway/knox-test-cdpauth/auth/api/v1/extauthz/knox/]
> After successful SSO the request ends up at
> [http://www.local.com:8443/gateway/sandbox/auth/api/v1/extauthz/knox/|http://www.local.com:8443/gateway/knox-test-cdpauth/auth/api/v1/extauthz/knox/]
> which is not where we want it to go.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
