Hi Praveen,

In your previous mail, which version of Zeppelin were you on?
And here, what is the Maven command that you are running?

On Thu, 9 Aug 2018 at 12:22, Ravikumar, Praveen Krishnamoorthy <
rpkr...@amazon.com> wrote:

> Hi,
>
>
>
> For the issue below, I found that the *jwt/KnoxJwtRealm* module under the
> Zeppelin-Server class is missing from the Zeppelin version that ships with
> EMR. So I tried to build the Zeppelin-Server.jar file by fetching the latest
> Zeppelin source code from the git repo.
>
>
>
> I have not worked with Maven before. I’m following a few steps I found
> online and trying to package the zeppelin-server class. While packaging, I’m
> getting the dependency issue below, which I have no idea how to resolve.
> Could anyone please help me with this? It would be very helpful.
>
>
>
>
>
> Thanks,
>
> Praveen.
>
>
>
> *From: *"Ravikumar, Praveen Krishnamoorthy" <rpkr...@amazon.com>
> *Date: *Wednesday, August 8, 2018 at 1:55 PM
> *To: *"users@zeppelin.apache.org" <users@zeppelin.apache.org>
> *Cc: *"Mohanan, Mahesh" <mahesh_moha...@intuit.com>, "
> prasada_pra...@intuit.com" <prasada_pra...@intuit.com>
> *Subject: *Need help in enabling KnoxSSO authentication in zeppelin
>
>
>
> Greetings,
>
>
>
> I’m working on enabling knox-sso authentication in Zeppelin on AWS EMR. I
> configured the Zeppelin UI host in the topology XML and made the
> configuration changes to enable Zeppelin in Knox (as suggested in the
> documentation). Now I’m facing a few issues when accessing Zeppelin via the
> Knox gateway, which I have detailed below. Could anyone please help me with
> this? It would be very helpful for proceeding further.
>
>
>
> I’m seeing the log error messages below when starting Zeppelin.
>
>
>
>
>
> [image:
> /var/folders/xz/7j115t_j365gcypfb10hq_p5qwy444/T/com.microsoft.Outlook/WebArchiveCopyPasteTempFiles/cidimage001.png@01D42F1D.6BACC9B0]
>
>
>
> *Configuration changes:*
>
>
>
>    1. Zeppelin : shiro.ini
>
>
>
> knoxJwtRealm = org.apache.zeppelin.realm.jwt.KnoxJwtRealm
>
> knoxJwtRealm.providerUrl = https://<dns-domain>:8446/
>
> knoxJwtRealm.login = gateway/knoxsso/api/v1/websso
>
> knoxJwtRealm.logout = gateway/knoxssout/api/v1/webssout
>
> knoxJwtRealm.logoutAPI = true
>
> knoxJwtRealm.redirectParam = originalUrl
>
> knoxJwtRealm.cookieName = hadoop-jwt
>
> knoxJwtRealm.publicKeyPath = /etc/zeppelin/conf/knoxsso.pem
>
> knoxJwtRealm.groupPrincipalMapping = group.principal.mapping
>
> knoxJwtRealm.principalMapping = principal.mapping
>
> authc = org.apache.zeppelin.realm.jwt.KnoxAuthenticationFilter
>
>
>
>    1. Knoxsso.xml
>
>
>
> <?xml version="1.0" encoding="utf-8"?>
>
> <topology>
>
>    <gateway>
>
>      <provider>
>
>          <role>federation</role>
>
>          <name>pac4j</name>
>
>          <enabled>true</enabled>
>
>          <param>
>
>            <name>pac4j.session.store</name>
>
>            <value>J2ESessionStore</value>
>
>          </param>
>
>          <param>
>
>           <name>pac4j.callbackUrl</name>
>
>           <value>https://<dnsname>:8446/gateway/knoxsso/api/v1/websso
> </value>
>
>          </param>
>
>
>
>          <param>
>
>            <name>clientName</name>
>
>            <value>SAML2Client</value>
>
>          </param>
>
>
>
>          <!-- NOTE(review): the identity provider and service provider metadata paths below name the same file under /tmp. Confirm that a single file is intended for both. In SAML the IdP metadata normally carries the certificate used to verify assertions, and /tmp is normally writable by every local user, so consider a directory that only the Knox service account can write. -->
>          <param>
>
>            <name>saml.identityProviderMetadataPath</name>
>
>            <value>/tmp/preprod_metadata_SP.xml</value>
>
>          </param>
>
>
>
>          <param>
>
>            <name>saml.serviceProviderMetadataPath</name>
>
>            <value>/tmp/preprod_metadata_SP.xml</value>
>
>          </param>
>
>
>
>          <param>
>
>            <name>saml.serviceProviderEntityId</name>
>
>            <value>https://<dnsname>:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&amp;client_name=SAML2Client</value>
>
>          </param>
>
>      </provider>
>
>      <provider>
>
>          <role>identity-assertion</role>
>
>          <name>Default</name>
>
>          <enabled>true</enabled>
>
>      </provider>
>
>      <provider>
>
>             <role>hostmap</role>
>
>             <name>static</name>
>
>             <enabled>true</enabled>
>
>             <param>
>
>                 <name>localhost</name>
>
>                 <value>XXX.vpc.internal</value>
>
>             </param>
>
>         </provider>
>
>    </gateway>
>
> <!-- KNOXSSO service definition: the parameters below configure the SSO cookie, the token lifetime and the redirect whitelist. -->
> <service>
>
>        <role>KNOXSSO</role>
>
>         <param>
>
>          <name>knoxsso.cookie.domain.suffix</name>
>
>          <value>.######</value>
>
>        </param>
>
>        <param>
>
>          <!-- NOTE(review): with this set to false the SSO cookie is not limited to HTTPS connections. The gateway URLs quoted in this thread are all https, so true looks usable here; confirm before relying on this topology outside a test setup. -->
>          <name>knoxsso.cookie.secure.only</name>
>
>          <value>false</value>
>
>       </param>
>
>       <param>
>
>          <name>knoxsso.enable.session</name>
>
>          <value>true</value>
>
>       </param>
>
>       <param>
>
>          <name>knoxsso.cookie.max.age</name>
>
>          <value>session</value>
>
>       </param>
>
>       <param>
>
>         <!-- NOTE(review): Knox documents this lifetime in milliseconds, which would make 100000 roughly 100 seconds. Confirm against the Knox version in use. -->
>         <name>knoxsso.token.ttl</name>
>
>         <value>100000</value>
>
>       </param>
>
>       <param>
>
>         <!-- NOTE(review): this pattern accepts http as well as https, and after the colon it requires only a single digit before ".*", so the port and everything after it are unconstrained. If redirects must stay on the listed hosts, consider requiring https and a stricter tail such as ":[0-9]+([\/?#].*)?$", and escape the dots of the real hostname substituted for the dnsname placeholder. -->
>         <name>knoxsso.redirect.whitelist.regex</name>
>
>         <value>^https?:\/\/(
> <dnsname>|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
>
>       </param>
>
>    </service>
>
> </topology>
>
>
>
>    1. gate1.xml (topology xml)
>
>
>
> <?xml version="1.0" encoding="utf-8"?>
>
> <topology>
>
>   <gateway>
>
>     <provider>
>
>         <role>webappsec</role>
>
>         <name>WebAppSec</name>
>
>         <enabled>true</enabled>
>
>         <param>
>
>            <name>cors.enabled</name>
>
>            <value>true</value>
>
>         </param>
>
>     </provider>
>
>     <provider>
>
>         <role>federation</role>
>
>         <name>SSOCookieProvider</name>
>
>         <enabled>true</enabled>
>
>         <param>
>
>             <name>sso.authentication.provider.url</name>
>
>             <value>https://<dns-name>:8446/gateway/knoxsso/api/v1/websso
> </value>
>
>         </param>
>
>     </provider>
>
>     <provider>
>
>         <role>identity-assertion</role>
>
>         <name>Default</name>
>
>         <enabled>true</enabled>
>
>     </provider>
>
>   </gateway>
>
>   <service>
>
>       <role>YARNUI</role>
>
>       <url>http://XXXX.vpc.internal:8088</url>
>
>   </service>
>
>   <service>
>
>       <role>SPARKHISTORYUI</role>
>
>       <url>http://XXXXX.vpc.internal:18080/</url>
>
>   </service>
>
>   <service>
>
>     <role>ZEPPELINWS</role>
>
>     <url>ws://XXXXXXX.vpc.internal:8890/ws</url>
>
> </service>
>
>

-- 
Thankx and Regards,

Prabhjyot Singh
