Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1069

KnoxSSO token audience config should trim values

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 0.13.0
    • Fix Version/s: 0.14.0
    • Component/s: KnoxSSO
    • Labels:
      None

      Description

      knoxsso.token.audiences can be set to a comma-separated list of values. Those values can end up containing spaces, depending on how the list is configured. For example:

              <param>
                 <name>knoxsso.token.audiences</name>
                 <value>foo,bar, baz</value>
              </param>
      

      With that config, the token seen by the receiving service will see three audiences, "foo", "bar", and " baz". Notice the space in front of baz.

      If the list is parsed and the values are trimmed, it might avoid confusion for services that need to parse that list and match values. Other areas within Knox (such as federation filters) should also trim the values in the list for matching purposes.

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              jtstorck Jeff Storck

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment