knox-commits mailing list archives

From lmc...@apache.org
Subject svn commit: r1774117 - in /knox: site/books/knox-0-11-0/user-guide.html trunk/books/0.11.0/config_knox_sso.md
Date Wed, 14 Dec 2016 00:27:33 GMT
Author: lmccay
Date: Wed Dec 14 00:27:32 2016
New Revision: 1774117

URL: http://svn.apache.org/viewvc?rev=1774117&view=rev
Log:
Updated KnoxSSO param table to remove OPEN ISSUE regarding audience claims

Modified:
    knox/site/books/knox-0-11-0/user-guide.html
    knox/trunk/books/0.11.0/config_knox_sso.md

Modified: knox/site/books/knox-0-11-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-11-0/user-guide.html?rev=1774117&r1=1774116&r2=1774117&view=diff
==============================================================================
--- knox/site/books/knox-0-11-0/user-guide.html (original)
+++ knox/site/books/knox-0-11-0/user-guide.html Wed Dec 14 00:27:32 2016
@@ -2656,7 +2656,7 @@ APACHE_HOME/bin/apachectl -k stop
     </tr>
     <tr>
       <td>knoxsso.token.audiences </td>
-      <td>This is a comma separated list of audiences to add to the JWT token. This
is used to ensure that a token received by a participating application knows that the token
was intended for use with that application. It is optional. In the event that an application
has expected audiences and they are not present the token must be rejected. In the event where
the token has audiences and the application has none expected then the token is accepted.
OPEN ISSUE - not currently being populated in WebSSOResource. </td>
+      <td>This is a comma separated list of audiences to add to the JWT token. This
is used to ensure that a token received by a participating application knows that the token
was intended for use with that application. It is optional. In the event that an application
has expected audiences and they are not present the token must be rejected. In the event where
the token has audiences and the application has none expected then the token is accepted.</td>
       <td>empty</td>
     </tr>
     <tr>
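Review bot: The retained description of knoxsso.token.audiences still leaves the enforcement rule ambiguous at "has expected audiences and they are not present": it does not say whether one matching audience is enough or whether every expected audience must appear in the token. Since this cell is being edited anyway, state the matching rule explicitly. The last sentence ("the token has audiences and the application has none expected then the token is accepted") also means the audience restriction only takes effect when the participating application configures expected audiences; that is worth saying directly so operators do not assume that setting this parameter alone restricts where the token is honored. The phrase "a token received by a participating application knows that the token was intended" reads as if the token does the knowing; rewording it so the application is the subject would help.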

Modified: knox/trunk/books/0.11.0/config_knox_sso.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.11.0/config_knox_sso.md?rev=1774117&r1=1774116&r2=1774117&view=diff
==============================================================================
--- knox/trunk/books/0.11.0/config_knox_sso.md (original)
+++ knox/trunk/books/0.11.0/config_knox_sso.md Wed Dec 14 00:27:32 2016
@@ -37,7 +37,7 @@ knoxsso.cookie.secure.only       | This
 knoxsso.cookie.max.age           | optional: This indicates that a cookie can only live for
a specified amount of time - in seconds. This should probably be left to the default which
makes it a session cookie. Session cookies are discarded once the browser session is closed.
| session
 knoxsso.cookie.domain.suffix     | optional: This indicates the portion of the request hostname
that represents the domain to be used for the cookie domain. For single host development scenarios
the default behavior should be fine. For production deployments, the expected domain should
be set and all configured URLs that are related to SSO should use this domain. Otherwise,
the cookie will not be presented by the browser to mismatched URLs. | Default cookie domain
or a domain derived from a hostname that includes more than 2 dots.
 knoxsso.token.ttl                | This indicates the lifespan of the token within the cookie.
Once it expires a new cookie must be acquired from KnoxSSO. This is in milliseconds. The 36000000
in the topology above gives you 10 hrs. | 30000 That is 30 seconds.
-knoxsso.token.audiences          | This is a comma separated list of audiences to add to
the JWT token. This is used to ensure that a token received by a participating application
knows that the token was intended for use with that application. It is optional. In the event
that an application has expected audiences and they are not present the token must be rejected.
In the event where the token has audiences and the application has none expected then the
token is accepted. OPEN ISSUE - not currently being populated in WebSSOResource. | empty
+knoxsso.token.audiences          | This is a comma separated list of audiences to add to
the JWT token. This is used to ensure that a token received by a participating application
knows that the token was intended for use with that application. It is optional. In the event
that an application has expected audiences and they are not present the token must be rejected.
In the event where the token has audiences and the application has none expected then the
token is accepted.| empty
 knoxsso.redirect.whitelist.regex | A semicolon separated list of regex expressions. The incoming
originalUrl must match one of the expressions in order for KnoxSSO to redirect to it after
authentication. Defaults to only relative paths and localhost with or without SSL for development
usecases. This needs to be opened up for production use and actual participating applications.
Note that cookie use is still constrained to redirect destinations in the same domain as the
KnoxSSO service - regardless of the expressions specified here. | ^/.\*$;^https?://localhost:\\d{0,9}/.\*$
 
 
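Review bot: The added knoxsso.token.audiences row ends with "token is accepted.| empty", dropping the space before the column separator that the neighbouring rows use (" | session", " | 30000 ..."); restore it as "token is accepted. | empty" so the table source stays consistent. Separately, the removed sentence said audiences were "not currently being populated in WebSSOResource", and neither the log message nor this diff points to the change that made WebSSOResource populate them; referencing that change in the log would let readers confirm the documented behaviour matches the 0.11.0 code.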


