ranger-dev mailing list archives

From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-886) RangerSSOAuthenticationFilter needs to accommodate a missing expiration time
Date Wed, 23 Mar 2016 12:16:25 GMT

    [ https://issues.apache.org/jira/browse/RANGER-886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15208317#comment-15208317 ]

Larry McCay commented on RANGER-886:
------------------------------------

Hi Vel - having the token expire out from under a session cookie doesn't make a lot of sense.
So, adding the ability to have the cookie determine the actual lifecycle of the SSO session
can be done by setting the TTL property of the KnoxSSO service to -1, which means that it
will not set an expiration time on the token and it will be valid for as long as the cookie
is.

I am going to provide a v002 of the patch to simplify a redundant check.

> RangerSSOAuthenticationFilter needs to accommodate a missing expiration time
> ----------------------------------------------------------------------------
>
>                 Key: RANGER-886
>                 URL: https://issues.apache.org/jira/browse/RANGER-886
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>         Attachments: RANGER-886-001.patch
>
>
> The processing of the JWT token used within the KnoxSSO cookie currently decides that a missing expiration time fails validation. The absence of the expiration time should be interpreted as no expiration.
> This ties the lifecycle of the JWT token to that of the cookie itself which will generally be a session cookie.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
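
The behaviour requested in the issue, as an added example that is not the RANGER-886 patch or Ranger's own code: the signature is still verified on every token, and an absent `exp` claim is accepted as "no expiration" while a present one is enforced. It assumes the Nimbus JOSE+JWT library on the classpath; the class name, helper names, subject and key pairs are constructed for illustration.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Date;

public class MissingExpExample { // hypothetical class, not part of Ranger
    // The signature is always verified; only the exp claim is optional.
    static boolean accept(String serialized, RSAPublicKey key, Date now) {
        try {
            SignedJWT jwt = SignedJWT.parse(serialized);
            if (!jwt.verify(new RSASSAVerifier(key))) return false;
            Date exp = jwt.getJWTClaimsSet().getExpirationTime();
            // Absent exp is read as "no expiration": the cookie bounds the session.
            return exp == null || now.before(exp);
        } catch (ParseException | JOSEException e) {
            return false; // malformed token or claims: fail closed
        }
    }
    // Builds a constructed RS256 token; exp == null omits the claim.
    static String token(RSAPrivateKey key, Date exp) throws JOSEException {
        JWTClaimsSet.Builder b = new JWTClaimsSet.Builder().subject("constructed-user");
        if (exp != null) b.expirationTime(exp);
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), b.build());
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        RSAPrivateKey priv = (RSAPrivateKey) kp.getPrivate();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        RSAPublicKey other = (RSAPublicKey) gen.generateKeyPair().getPublic();
        Date now = new Date();
        System.out.println("no exp:     " + accept(token(priv, null), pub, now));
        System.out.println("future exp: " + accept(token(priv, new Date(now.getTime() + 60_000)), pub, now));
        System.out.println("past exp:   " + accept(token(priv, new Date(now.getTime() - 60_000)), pub, now));
        System.out.println("wrong key:  " + accept(token(priv, null), other, now));
    }
}
```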
