https://issues.apache.org/jira/browse/KNOX-2067
https://issues.apache.org/jira/browse/KNOX-2071
Goal
The KnoxToken service (gateway-service-knoxtoken) currently hands out tokens (which include expiration information), which the various token-related providers validate when an attempt is made to use those tokens to authorize the invocation of some other service.
There should be a way to renew (extend the ttl of) an existing token (e.g., to support long-running jobs) or to revoke a token (e.g., when a job is finished).
...
Service Parameter | Default Value | Description |
---|---|---|
knox.token.exp.server-managed | false | True, if the TokenStateService should be employed by a particular deployment of the KnoxToken service. |
knox.token.exp.renew-interval | 24 hours | The amount of time for which the ttl of a token should be extended when renewal is requested. |
knox.token.exp.max-lifetime | 7 days | The maximum allowable lifetime duration for tokens. |
knox.token.renewer.whitelist | N/A | A list of those principals who are permitted to renew/revoke tokens. |
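
The renewal and revocation semantics these parameters describe, as an added Python model that is not Knox code. It assumes a renewal sets the expiry to the request time plus the renew interval, never shortening it and never going past issue time plus the max lifetime; the class, method and principal names are hypothetical.

```python
from dataclasses import dataclass, field

HOUR, DAY = 3600, 24 * 3600  # seconds

@dataclass
class TokenStateModel:
    """Toy model of server-managed token state; not Knox's TokenStateService."""
    renew_interval: int = 24 * HOUR             # knox.token.exp.renew-interval
    max_lifetime: int = 7 * DAY                 # knox.token.exp.max-lifetime
    renewer_whitelist: frozenset = frozenset()  # knox.token.renewer.whitelist
    state: dict = field(default_factory=dict)   # token id -> (issued, expiry)

    def add(self, token_id, issued, ttl):
        self.state[token_id] = (issued, issued + ttl)

    def _authorize(self, principal):
        if principal not in self.renewer_whitelist:
            raise PermissionError(f"{principal} may not renew or revoke tokens")

    def renew(self, token_id, principal, now):
        self._authorize(principal)
        if not self.is_valid(token_id, now):
            raise ValueError("unknown, revoked or expired token")
        issued, expiry = self.state[token_id]
        # Assumption: new expiry is request time + renew interval, never
        # shortened, and never past issue time + max lifetime.
        limit = issued + self.max_lifetime
        new_expiry = min(max(expiry, now + self.renew_interval), limit)
        if new_expiry == expiry:
            raise ValueError("renewal cannot extend this token further")
        self.state[token_id] = (issued, new_expiry)
        return new_expiry

    def revoke(self, token_id, principal):
        self._authorize(principal)
        self.state.pop(token_id, None)  # revoked tokens fail is_valid()

    def is_valid(self, token_id, now):
        entry = self.state.get(token_id)
        return entry is not None and now < entry[1]

if __name__ == "__main__":
    # Constructed scenario: a one-hour token kept alive for a long-running job.
    svc = TokenStateModel(renewer_whitelist=frozenset({"job-runner"}))
    svc.add("t1", issued=0, ttl=HOUR)
    print(svc.renew("t1", "job-runner", now=1800))
    svc.revoke("t1", "job-runner")
    print(svc.is_valid("t1", now=1801))
```
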
KnoxToken Authentication Enhancements
...