[
https://issues.apache.org/jira/browse/NIFI-4382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181742#comment-16181742
]
ASF GitHub Bot commented on NIFI-4382:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2177
Yeah, I don't have deep enough Knox familiarity to judge the best use case
for communicating back that the logout command has occurred. If we treated
receiving the `hadoop-jwt` token from Knox the same way we did the credential
check for LDAP or Kerberos, and issued our own JWT, deleting the local JWT
would trigger re-validating the `hadoop-jwt` cookie. If we update the local key
store to indicate that that specific JWT is no longer valid, I believe we could
trigger a redirect to the Knox service. However, my understanding is that we
cannot simply delete the `hadoop-jwt` cookie because other services rely on it
for SSO, and I do not know what the Knox API is like to trigger a logout
remotely. At this time, I do not have a good suggestion for this scenario.
> Add KnoxSSO support to NiFi
> ---------------------------
>
> Key: NIFI-4382
> URL: https://issues.apache.org/jira/browse/NIFI-4382
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Reporter: Jeff Storck
> Assignee: Jeff Storck
>
> Add support for KnoxSSO to NiFi.
> Reference documentation:
> http://knox.apache.org/books/knox-0-13-0/dev-guide.html#KnoxSSO+Integration
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
