Re: [DISCUSSION] WebSSO Service Resource Path

Okay... In the near term, I think that we should use the existing topology descriptor approach and limit Knoxsso to a single configuration per deployment. In many deployment scenarios - especially those managed by Ambari there is only one cluster anyway. We should start to consider a different ap

Re: [DISCUSSION] WebSSO Service Resource Path

Good point... So, we couldn't have admin and knoxsso APIs in the same topology. We could have other fully qualified services/URLs in the same topology though - like WEBHDFS. This starts to feel like maybe this is a misuse of topologies and that we really need to be able to colocate them with some

Re: [DISCUSSION] WebSSO Service Resource Path

Inline... On 11/3/15, 11:39 AM, "larry mccay" wrote: >Perhaps returning to the elimination of the service component within the >resource path makes sense after all: > >https://localhost:8443/gateway/knoxsso/api/v1/websso > >Out of the box the knoxsso.xml topology can be configured for SAML as

Re: [DISCUSSION] WebSSO Service Resource Path

Perhaps returning to the elimination of the service component within the resource path makes sense after all: https://localhost:8443/gateway/knoxsso/api/v1/websso Out of the box the knoxsso.xml topology can be configured for SAML as a starting point but can be changed to whatever makes sense. Kno

Re: [DISCUSSION] WebSSO Service Resource Path

Agreed. I'm not sure that you would name your topology that way if you intended to use it for REST though. We could certainly create credential collectors in the client shell that interacted with a HTTP basic auth fronted websso service and manages the returned cookies in a protected file. Like a

[jira] [Commented] (KNOX-394) Request and response URLs must be parsed as literals not templates

[ https://issues.apache.org/jira/browse/KNOX-394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14987386#comment-14987386 ] ASF subversion and git services commented on KNOX-394: -- Commit 34b1cd03

Re: [DISCUSSION] WebSSO Service Resource Path

Given your comment I assumed that the resource name would differentiate between the types of tokens returned. So, "websso" for WebSSO flows for browsers/cookies and maybe "token" or something for REST clients - like Oauth. If you continue down the “websso” as resource path you might end up with t

Re: [DISCUSSION] WebSSO Service Resource Path

inline... On Mon, Nov 2, 2015 at 11:31 PM, Kevin Minder wrote: > These don’t seem terrible to me but I question if they are actually what > you meant. > https://localhost:8443/gateway/sandbox/auth-ui/knoxsso/api/v1/websso > https://localhost:8443/gateway/sandbox/auth-rest/knoxsso/api/v1/websso