https://issues.apache.org/jira/browse/KNOX-2067
https://issues.apache.org/jira/browse/KNOX-2071

Goal

The KnoxToken service (gateway-service-knoxtoken) currently hands out tokens, which include expiration information. The various token-related providers validate those tokens when an attempt is made to use them to authorize the invocation of some other service.
There should be a way to renew (extend the TTL of) an existing token (e.g., to support long-running jobs) or to revoke a token (e.g., when a job is finished).

...

| Service Parameter | Default Value | Description |
|---|---|---|
| knox.token.exp.server-managed | false | True, if the TokenStateService should be employed by a particular deployment of the KnoxToken service. |
| knox.token.exp.renew-interval | 24 hours | The amount of time for which the ttl of a token should be extended when renewal is requested. |
| knox.token.exp.max-lifetime | 7 days | The maximum allowable lifetime duration for tokens. |
| knox.token.renewer.whitelist | N/A | A list of those principals who are permitted to renew/revoke tokens. |
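
The following Python model is an added example, not code from the Knox project, showing how the four parameters above could interact when a token is renewed or revoked. The class and method names are hypothetical. It also assumes that durations are handled in milliseconds and that a renewal which would pass max-lifetime (measured from issue time) is rejected rather than truncated.

```python
import time
from dataclasses import dataclass

HOUR_MS = 60 * 60 * 1000  # assumption: durations are handled in milliseconds

@dataclass(frozen=True)
class TokenPolicy:
    server_managed: bool = False                # knox.token.exp.server-managed
    renew_interval_ms: int = 24 * HOUR_MS       # knox.token.exp.renew-interval
    max_lifetime_ms: int = 7 * 24 * HOUR_MS     # knox.token.exp.max-lifetime
    renewer_whitelist: frozenset = frozenset()  # knox.token.renewer.whitelist

class TokenStateModel:
    """Hypothetical in-memory stand-in for server-managed token state."""
    def __init__(self, policy, clock=lambda: int(time.time() * 1000)):
        self.policy, self.clock = policy, clock
        self.state = {}  # token id -> (issue time, expiry), both in ms

    def add(self, token_id, ttl_ms):
        now = self.clock()
        self.state[token_id] = (now, now + ttl_ms)

    def _authorize(self, token_id, caller):
        if not self.policy.server_managed:
            raise PermissionError("server-managed token state is disabled")
        # Check the caller first so others cannot probe which tokens exist.
        if caller not in self.policy.renewer_whitelist:
            raise PermissionError(f"{caller} may not renew/revoke tokens")
        if token_id not in self.state:
            raise KeyError("unknown or revoked token")

    def renew(self, token_id, caller):
        self._authorize(token_id, caller)
        issued, expiry = self.state[token_id]
        now = self.clock()
        if now >= expiry:
            raise ValueError("token already expired")
        new_expiry = now + self.policy.renew_interval_ms
        if new_expiry > issued + self.policy.max_lifetime_ms:
            raise ValueError("renewal would exceed max lifetime")
        self.state[token_id] = (issued, new_expiry)
        return new_expiry

    def revoke(self, token_id, caller):
        self._authorize(token_id, caller)
        del self.state[token_id]

    def is_valid(self, token_id):
        entry = self.state.get(token_id)
        return entry is not None and self.clock() < entry[1]
```

With the table's defaults, the whitelist is empty and server-managed state is off, so no principal can renew or revoke until both are configured.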


KnoxToken Authentication Enhancements

...