knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@apache.org
Subject svn commit: r1835278 - in /knox: site/books/knox-1-1-0/user-guide.html site/index.html site/issue-tracking.html site/license.html site/mail-lists.html site/project-info.html site/team-list.html trunk/books/1.1.0/config_knox_sso.md
Date Fri, 06 Jul 2018 20:19:41 GMT
Author: more
Date: Fri Jul  6 20:19:41 2018
New Revision: 1835278

URL: http://svn.apache.org/viewvc?rev=1835278&view=rev
Log:
KNOX-1378 - Document knoxsso.expected.params option for KnoxSSO

Modified:
    knox/site/books/knox-1-1-0/user-guide.html
    knox/site/index.html
    knox/site/issue-tracking.html
    knox/site/license.html
    knox/site/mail-lists.html
    knox/site/project-info.html
    knox/site/team-list.html
    knox/trunk/books/1.1.0/config_knox_sso.md

Modified: knox/site/books/knox-1-1-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/user-guide.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/books/knox-1-1-0/user-guide.html (original)
+++ knox/site/books/knox-1-1-0/user-guide.html Fri Jul  6 20:19:41 2018
@@ -4028,6 +4028,11 @@ APACHE_HOME/bin/apachectl -k stop
       <td>A semicolon-delimited list of regular expressions. The incoming originalUrl
must match one of the expressions in order for KnoxSSO to redirect to it after authentication.
Note that cookie use is still constrained to redirect destinations in the same domain as the
KnoxSSO service - regardless of the expressions specified here. </td>
       <td>The value of the gateway-site property named <em>gateway.dispatch.whitelist</em>.
If that is not defined, the default allows only relative paths, localhost or destinations
in the same domain as the Knox host (with or without SSL). This may need to be opened up for
production use and actual participating applications.</td>
     </tr>
+    <tr>
+      <td>knoxsso.expected.params </td>
+      <td>Optional: Comma separated list of query parameters that are expected and
consumed by KnoxSSO and will not be passed on to originalUrl </td>
+      <td>empty</td>
+    </tr>
   </tbody>
 </table><h3><a id="Participating+Application+Configuration">Participating
Application Configuration</a> <a href="#Participating+Application+Configuration"><img
src="markbook-section-link.png"/></a></h3><h4><a id="Hadoop+Configuration+Example">Hadoop
Configuration Example</a> <a href="#Hadoop+Configuration+Example"><img src="markbook-section-link.png"/></a></h4><p>The
following is used as the KnoxSSO configuration in the Hadoop JWTRedirectAuthenticationHandler
implementation. Any participating application will need similar configuration. Since JWTRedirectAuthenticationHandler
extends the AltKerberosAuthenticationHandler, the typical Kerberos configuration parameters
for authentication are also required.</p>
 <pre><code>&lt;property&gt;

Modified: knox/site/index.html
URL: http://svn.apache.org/viewvc/knox/site/index.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Fri Jul  6 20:19:41 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180703" />
+    <meta name="Date-Revision-yyyymmdd" content="20180706" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Announcing Apache Knox 1.0.0!</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>

             
                             </ul>
       </div>

Modified: knox/site/issue-tracking.html
URL: http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/issue-tracking.html (original)
+++ knox/site/issue-tracking.html Fri Jul  6 20:19:41 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180703" />
+    <meta name="Date-Revision-yyyymmdd" content="20180706" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Issue Tracking</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>

             
                             </ul>
       </div>

Modified: knox/site/license.html
URL: http://svn.apache.org/viewvc/knox/site/license.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/license.html (original)
+++ knox/site/license.html Fri Jul  6 20:19:41 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180703" />
+    <meta name="Date-Revision-yyyymmdd" content="20180706" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Project License</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>

             
                             </ul>
       </div>

Modified: knox/site/mail-lists.html
URL: http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/mail-lists.html (original)
+++ knox/site/mail-lists.html Fri Jul  6 20:19:41 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180703" />
+    <meta name="Date-Revision-yyyymmdd" content="20180706" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Project Mailing Lists</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>

             
                             </ul>
       </div>

Modified: knox/site/project-info.html
URL: http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Fri Jul  6 20:19:41 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180703" />
+    <meta name="Date-Revision-yyyymmdd" content="20180706" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Project Information</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>

             
                             </ul>
       </div>

Modified: knox/site/team-list.html
URL: http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/site/team-list.html (original)
+++ knox/site/team-list.html Fri Jul  6 20:19:41 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2018-07-03
+ | Generated by Apache Maven Doxia at 2018-07-06
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180703" />
+    <meta name="Date-Revision-yyyymmdd" content="20180706" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Team list</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2018-07-03</li>

+                  <li id="publishDate" class="pull-right">Last Published: 2018-07-06</li>

             
                             </ul>
       </div>

Modified: knox/trunk/books/1.1.0/config_knox_sso.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/1.1.0/config_knox_sso.md?rev=1835278&r1=1835277&r2=1835278&view=diff
==============================================================================
--- knox/trunk/books/1.1.0/config_knox_sso.md (original)
+++ knox/trunk/books/1.1.0/config_knox_sso.md Fri Jul  6 20:19:41 2018
@@ -100,6 +100,7 @@ knoxsso.cookie.domain.suffix     | optio
 knoxsso.token.ttl                | This indicates the lifespan of the token within the cookie.
Once it expires a new cookie must be acquired from KnoxSSO. This is in milliseconds. The 36000000
in the topology above gives you 10 hrs. | 30000 That is 30 seconds.
 knoxsso.token.audiences          | This is a comma separated list of audiences to add to
the JWT token. This is used to ensure that a token received by a participating application
knows that the token was intended for use with that application. It is optional. In the event
that an application has expected audiences and they are not present the token must be rejected.
In the event where the token has audiences and the application has none expected then the
token is accepted.| empty
 knoxsso.redirect.whitelist.regex | A semicolon-delimited list of regular expressions. The
incoming originalUrl must match one of the expressions in order for KnoxSSO to redirect to
it after authentication. Note that cookie use is still constrained to redirect destinations
in the same domain as the KnoxSSO service - regardless of the expressions specified here.
| The value of the gateway-site property named *gateway.dispatch.whitelist*. If that is not
defined, the default allows only relative paths, localhost or destinations in the same domain
as the Knox host (with or without SSL). This may need to be opened up for production use and
actual participating applications.
+knoxsso.expected.params          | Optional: Comma separated list of query parameters that
are expected and consumed by KnoxSSO and will not be passed on to originalUrl | empty
 
 
 ### Participating Application Configuration



Mime
View raw message