Hi Folks,

I have configured a service to use the SSOCookieProvider (federation role) and am seeing some odd behavior that I didn’t expect. Looking for clarification if this is behaving normally or not.

I am making a request to: https://host.example.com:8443/gateway/default/myservice/myapp/ and am then getting redirected  to https://host.example.com:8443/gateway/knoxsso/knoxauth/login.html?originalUrl=https://host.example.com:9443/myapp/ where I am prompted for credentials. I am able to login successfully and then am redirected to the value of the originalUrl query parameter.

Essentially what I am seeing is that knox sso is listing the originalUrl as the actual path to the web application instead of the gated value of the web application. For my scenario I would expect that query parameter to contain the value https://host.example.com:8443/gateway/default/myservice/myapp/

Why does knox sso behave in this manner? Is this expected? If so, do I need to write additional rewrite rules for this to behave like I would like?

Note: If I call https://host.example.com:8443/gateway/knoxsso/knoxauth/login.html?originalUrl=https://host.example.com:8443/gateway/default/myservice/myapp/ directly then knox functions as I would expect it to. IE. I can log in and get redirected to my app in the gated path.

I am using HDP version 2.6.2.0 with Knox 0.12.0

Thanks in advance,

Christopher Jackson
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB