Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-23095

knoxsso.redirect.whitelist.regex should not require a port number

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.5.0, trunk, 2.6.2
    • None
    • stacks

    Description

      The default 'knoxsso.redirect.whitelist.regex' is set to require a port number meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443:

      https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110

      ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$

      Proposal is to make the port optional and validate that anything after the host or port starts with /.

      ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$

      Pull request with the change: https://github.com/apache/ambari/pull/484

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #484

          Activity

            People

              Unassigned Unassigned
              seano Sean Roberts
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m