Okay...
In the near term, I think that we should use the existing topology
descriptor approach and limit Knoxsso to a single configuration per
deployment.
In many deployment scenarios - especially those managed by Ambari there is
only one cluster anyway.
We should start to consider a different ap
Good point...
So, we couldn't have admin and knoxsso APIs in the same topology.
We could have other fully qualified services/URLs in the same topology
though - like WEBHDFS.
This starts to feel like maybe this is a misuse of topologies and that we
really need to be able to colocate them with some
Inline...
On 11/3/15, 11:39 AM, "larry mccay" wrote:
>Perhaps returning to the elimination of the service component within the
>resource path makes sense after all:
>
>https://localhost:8443/gateway/knoxsso/api/v1/websso
>
>Out of the box the knoxsso.xml topology can be configured for SAML as
Perhaps returning to the elimination of the service component within the
resource path makes sense after all:
https://localhost:8443/gateway/knoxsso/api/v1/websso
Out of the box the knoxsso.xml topology can be configured for SAML as a
starting point but can be changed to whatever makes sense.
Kno
Agreed.
I'm not sure that you would name your topology that way if you intended to
use it for REST though.
We could certainly create credential collectors in the client shell that
interacted with a HTTP basic auth fronted websso service and manages the
returned cookies in a protected file. Like a
[
https://issues.apache.org/jira/browse/KNOX-394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14987386#comment-14987386
]
ASF subversion and git services commented on KNOX-394:
--
Commit 34b1cd03
Given your comment
I assumed that the resource name would differentiate between the types of
tokens returned.
So, "websso" for WebSSO flows for browsers/cookies and maybe "token" or
something for REST clients - like Oauth.
If you continue down the “websso” as resource path you might end up with t
inline...
On Mon, Nov 2, 2015 at 11:31 PM, Kevin Minder
wrote:
> These don’t seem terrible to me but I question if they are actually what
> you meant.
> https://localhost:8443/gateway/sandbox/auth-ui/knoxsso/api/v1/websso
> https://localhost:8443/gateway/sandbox/auth-rest/knoxsso/api/v1/websso