[ https://issues.apache.org/jira/browse/AMBARI-23095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean Roberts updated AMBARI-23095: ---------------------------------- Description: The default 'knoxsso.redirect.whitelist.regex' is set to require a port number meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443: https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110 {code} ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$ {code} Proposal is to make the port optional and validate that anything after the host or port starts with /. {code} ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$ {code} was: The default 'knoxsso.redirect.whitelist.regex' is set to require a port number meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443: https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110 {code} ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$ {code} Proposal is to make the port optional and validate that anything after the host or port starts with /. > knoxsso.redirect.whitelist.regex should not require a port number > ----------------------------------------------------------------- > > Key: AMBARI-23095 > URL: https://issues.apache.org/jira/browse/AMBARI-23095 > Project: Ambari > Issue Type: Bug > Components: stacks > Affects Versions: 2.5.0, trunk, 2.6.2 > Reporter: Sean Roberts > Priority: Major > Labels: knox > > The default 'knoxsso.redirect.whitelist.regex' is set to require a port > number meaning it won't work for redirects to normal HTTP and HTTPS on :80 > and :443: > https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110 > {code} > ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$ > {code} > Proposal is to make the port optional and validate that anything after the > host or port starts with /. > {code} > ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$ > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)