KNOX-2970 - Removing KnoxSSO cookie from the token state service upon logout #806

Merged
merged 1 commit into from
Oct 19, 2023

smolnar82
Contributor

What changes were proposed in this pull request?

When end-users log out from the application (using the logout button on the Knox Home page), the KnoxSSO cookie is removed from the token state service too (if it was configured earlier).
I also made a small but useful change on the Token Management UI: the current KnoxSSO cookie, bound to the current session, is shown in bold.

How was this patch tested?

Manual testing:

  1. enabled logout on Knox Home page
  2. enabled the storage of KnoxSSO cookies
  3. logged into the Knox Token Management page in a regular browser window
  4. logged into the Knox Token Management page in an incognito browser window
  5. logged out from the Knox Home page in the incognito window
  6. logged in again in the incognito window

Before logout:

[Screenshot 2023-10-19 at 14 58 28] [Screenshot 2023-10-19 at 14 58 41]

After logout and re-login:

[Screenshot 2023-10-19 at 14 59 15] [Screenshot 2023-10-19 at 14 59 45]

Relevant log entry:

2023-10-19 14:57:53,490 a84e9e8f-7a8f-4ba5-91d1-86d05e587a71 INFO  service.knoxsso (WebSSOResource.java:saveToken(453)) - Knox Token service (knoxsso) stored state for token eyJraW...EG-3Ug (4e58e7fd...943d4023c4f3)
...
2023-10-19 14:58:50,251 a9e1b9e1-cc32-456b-a489-ab9379d636b5 INFO  service.knoxsso (WebSSOutResource.java:removeKnoxSsoCookie(143)) - Knox Token service (homepage) revoked token eyJraW...EG-3Ug (4e58e7fd...943d4023c4f3) (renewer=admin)
...
2023-10-19 14:59:02,758 5b8eef40-a408-41d9-99ec-cd150c852748 INFO  service.knoxsso (WebSSOResource.java:saveToken(453)) - Knox Token service (knoxsso) stored state for token eyJraW...a4Kc7Q (663e56bb...918736ba130b)

… logout

Additionally, the Token Management UI displays the 'current' KnoxSSO cookie row in bold.
@smolnar82 smolnar82 requested a review from zeroflag October 19, 2023 13:19
@smolnar82 smolnar82 self-assigned this Oct 19, 2023
@smolnar82 smolnar82 merged commit fbed6e7 into apache:master Oct 19, 2023
2 checks passed
@smolnar82 smolnar82 deleted the KNOX-2970 branch October 19, 2023 18:00
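A way to check from the gateway log that each stored KnoxSSO cookie was later revoked, using the log entries quoted in the PR description. This is an added example, not code from the pull request or from Apache Knox; the regular expression, the function names and the use of the abbreviated token ID in parentheses as a correlation key are assumptions based only on the three lines shown above.

```python
import re
from datetime import datetime

# Log lines copied from the PR description ("..." lines are the author's elisions).
SAMPLE_LOG = """\
2023-10-19 14:57:53,490 a84e9e8f-7a8f-4ba5-91d1-86d05e587a71 INFO  service.knoxsso (WebSSOResource.java:saveToken(453)) - Knox Token service (knoxsso) stored state for token eyJraW...EG-3Ug (4e58e7fd...943d4023c4f3)
...
2023-10-19 14:58:50,251 a9e1b9e1-cc32-456b-a489-ab9379d636b5 INFO  service.knoxsso (WebSSOutResource.java:removeKnoxSsoCookie(143)) - Knox Token service (homepage) revoked token eyJraW...EG-3Ug (4e58e7fd...943d4023c4f3) (renewer=admin)
...
2023-10-19 14:59:02,758 5b8eef40-a408-41d9-99ec-cd150c852748 INFO  service.knoxsso (WebSSOResource.java:saveToken(453)) - Knox Token service (knoxsso) stored state for token eyJraW...a4Kc7Q (663e56bb...918736ba130b)
"""

# Assumed line layout: timestamp, request id, level, logger, (source), message.
EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \S+ \w+\s+\S+ \(.*?\) - "
    r"Knox Token service \((?P<scope>[^)]+)\) "
    r"(?P<action>stored state for|revoked) token \S+ \((?P<token_id>[^)]+)\)"
    r"(?: \(renewer=(?P<renewer>[^)]+)\))?"
)

def correlate(lines):
    """Map abbreviated token ID -> store/revoke timestamps and the renewer."""
    tokens = {}
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue  # elision markers and unrelated log lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        rec = tokens.setdefault(
            m["token_id"], {"stored": None, "revoked": None, "renewer": None})
        if m["action"] == "revoked":
            # A revoke with no earlier store (stored before the log window) is kept too.
            rec["revoked"], rec["renewer"] = ts, m["renewer"]
        else:
            rec["stored"] = ts
    return tokens

def still_active(tokens):
    """Token IDs that were stored but have no revoke entry in the log."""
    return sorted(t for t, r in tokens.items() if r["stored"] and not r["revoked"])

def lifetime_seconds(rec):
    """Seconds between store and revoke, or None if either event is missing."""
    if rec["stored"] and rec["revoked"]:
        return (rec["revoked"] - rec["stored"]).total_seconds()
    return None

if __name__ == "__main__":
    records = correlate(SAMPLE_LOG.splitlines())
    for token_id, rec in records.items():
        print(token_id, rec["renewer"], lifetime_seconds(rec))
    print("not revoked:", still_active(records))
```

On the quoted log this reports the first cookie as revoked by `admin` and the cookie issued at re-login as the only one still active.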
stoty pushed a commit to stoty/knox that referenced this pull request May 14, 2024
…ervice upon logout (apache#806)

Additionally, the Token Management UI displays the 'current' KnoxSSO cookie row in bold.

Change-Id: I2c1f44d4fda67eeae5396dfb56a7116303a06fa3
stoty pushed a commit to stoty/knox that referenced this pull request May 14, 2024
…into cdpd-master

* changes:
  CDPD-62588, KNOX-2972: Session resource can generate application logout URL with profile/topologies query parameters (apache#808)
  CDPD-62595, KNOX-2970: Removing KnoxSSO cookie from the token state service upon logout (apache#806)
  CDPD-62598, KNOX-2971: Applying word wrapping in the comment and metadata columns on the Token Management UI (apache#807)
  CDPD-62592, KNOX-2969: KnoxSSO Cookies should be ignored while calculating token limit per user (apache#805)
  CDPD-62585, KNOX-2968: Batch token enable action should succeed even if enabled KnoxSSO cookies are selected (apache#804)
  CDPD-61809, KNOX-2961: Knox SSO cookie Invalidation - Phase II (apache#799)
  CDPD-61184, KNOX-2961: Knox SSO cookie Invalidation - Phase I (apache#797)