Patrick Ethier created ZEPPELIN-3124:
----------------------------------------

             Summary: KnoxSSO Authentication returns 503 when using the websso service
                 Key: ZEPPELIN-3124
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-3124
             Project: Zeppelin
          Issue Type: Bug
    Affects Versions: 0.8.0
         Environment: Knox 0.14.0 & Zeppelin 0.8.0-SNAPSHOT (see config files included below)
            Reporter: Patrick Ethier
            Priority: Minor
         Attachments: knox-knoxsso.xml, knox-topology-ui.xml, zeppelin-shiro.ini

I am unsure if this is Knox related or Zeppelin related, but given the fact that 
Zeppelin returns 503, I am starting here.

In short, KnoxSSO-enabled services, from what I understand, should be pointing 
to https://<gatewayurl>/gateway/knoxsso/api/v1/websso. This URL will then 
redirect the user to whatever "provider" to be used by knox which, when done, 
will redirect to zeppelin with hadoop-jwt.

The current patch for the knox-sso points directly to the form-login, which 
bypasses the ability of KnoxSSO to use an external provider.

So, knoxJwtRealm.login = gateway/knoxsso/api/v1/websso returns 503,
but knoxJwtRealm.login = gateway/knoxsso/knoxauth/login.html returns the Knox 
login form and works (but it is impossible to use an OAuth or SAML provider 
since this is bypassing the upstream knoxsso providers).

To reproduce this, on the same host, install Knox on port 8443 and install 
Zeppelin on 8080 using the default untarred distributions for both (in my case 
I put them in /opt).

Copy the included/attached files (I configured my DNS to return 
zeppelin01.example.com that points to the host) as follows:
zeppelin-shiro.ini is <base>/zeppelin-0.8.0-SNAPSHOT/conf/shiro.ini
knox-knoxsso.xml is <base>/knox-0.14.0/conf/topologies/knoxsso.xml
knox-topology-ui.xml is <base>/knox-0.14.0/conf/topologies/ui.xml

By commenting/uncommenting the line in shiro.ini:
knoxJwtRealm.login=

Browse to http://zeppelin01.example.com:8080. In the login.html case it works; 
in the websso case it returns 503.

Also note, the above configuration should also work for 
https://zeppelin01.example.com:8443/gateway/ui/zeppelin but the redirects 
aren't working (I'm not sure if this is related to this issue, is a 
misconfiguration on my part, or is a knox problem but I am providing it just in 
case).


