[ https://issues.apache.org/jira/browse/KNOX-761?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay resolved KNOX-761.
------------------------------
    Resolution: Fixed

This was fixed with pac4j upgrade in 0.14.0.

> KnoxSSO Needs to Support Multi-tenant Usecases
> ----------------------------------------------
>
>                 Key: KNOX-761
>                 URL: https://issues.apache.org/jira/browse/KNOX-761
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>             Fix For: Future
>
>
> In a deployment that separates tenant access to Hadoop resources through
> dedicated topologies with tenant specific authentication, there are a couple
> issues:
> * pac4j provider seems to be caching config settings in a singleton which
> makes the redirect url nondeterministic.
> * knoxsso cookie would be trusted across tenant specific topologies which
> could lead to unauthorized access to resources that belong to another tenant
> The use of tenant specific audience claims within the JWT token could be used
> to mitigate the cross tenant trust issue.
> We need to investigate the pac4j provider issue with the singleton config.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
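
The audience-claim mitigation proposed in the issue, sketched as an added example (this is not Knox or pac4j code): a cookie token that verifies under a shared signing key is only accepted by the topology named in its `aud` claim. HS256, the key, the tenant names and the helper functions are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(key: bytes, subject: str, audience: str) -> str:
    """Sign a minimal HS256 JWT carrying a tenant-specific 'aud' claim."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": subject, "aud": audience}).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify(key: bytes, token: str, expected_aud=None):
    """Return the claims, or None if the signature or audience check fails.

    expected_aud=None models a topology that trusts any validly signed cookie.
    """
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64(head))
        good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if header.get("alg") != "HS256" or not hmac.compare_digest(good, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        aud = claims.get("aud")
    except (ValueError, TypeError, AttributeError):  # malformed token
        return None
    if expected_aud is not None:
        # RFC 7519 allows 'aud' to be a single string or a list of strings.
        allowed = aud if isinstance(aud, list) else [aud]
        if expected_aud not in allowed:
            return None
    return claims

# Constructed sample: one SSO signing key shared by two tenant topologies.
KEY = b"constructed-demo-key"
TOKEN_A = issue(KEY, "alice", "tenant-a")

def demo():
    return {
        "tenant_b_no_aud_check": verify(KEY, TOKEN_A) is not None,
        "tenant_b_aud_check": verify(KEY, TOKEN_A, "tenant-b") is not None,
        "tenant_a_aud_check": verify(KEY, TOKEN_A, "tenant-a") is not None,
    }

if __name__ == "__main__":
    print(demo())
```

Without the audience check, the second topology accepts the first tenant's token because the signature alone says nothing about which tenant it was issued for.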