question Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous) in Archives of Support Questions (Read Only)

Sanbox Zeppelin: How to login as maria_dev (not anonymous)

colin_a_cunning — Sat, 04 Feb 2017 01:42:31 GMT

Hi. I have started a HDP Sandbox 2.5.0 in Azure. I see that current sandbox has issue in that Zeppelin is not accessible from Abari Views. I can get to Zeppelin via port 9995 in browser but it has me as anonymous. How can I switch to being user maria_dev and interact w/ my sandbox.hortonworks.com build in Zeppelin?

Thanks. - Colin

p.s. I was unsuccessfully trying to move my way thru the tutorial here, https://github.com/hortonworks/tutorials/blob/hdp-2.5/tutorials/hortonworks/getting-started-with-apache-zeppelin/tutorial.md.

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

rguruvannagari — Sat, 04 Feb 2017 01:47:41 GMT

@Colin Cunningham

By default zeppelin is configured with anonymous authentcation. You must set [url] section in shiro_ini of zeppelin service as below. And without AD/LDAP authencation you can set the usernames in [users]. After this changes restart zeppelin services. Now with /api/anon commented you must login with user name set in [users]

[users] 
# List of users with their password allowed to access Zeppelin. 
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections 
maria_dev = <password> , admin  #### Add this line 
#admin = password1, admin 
#user1 = password2, role1, role2 
#user2 = password3, role3 

[urls] 

# This section is used for url-based security. 
# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide. 
# anon means the access is anonymous. 
# authc means Form based Auth Security 
# To enfore security, comment the line below and uncomment the next one 
/api/version = anon 
#/** = anon ###Comment anon
/** = authc    ####Add this line

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

lraheja — Sat, 04 Feb 2017 01:52:26 GMT

@Colin Cunningham

You can follow below steps:

Go to shiro.ini file and edit following section:

1) Under [users] section, you can put username and password you want to use for login :

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
admin = password1
maria_dev = maria_dev

2) Under [Url] section make below change:

[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
/api/version = anon
#/** = anon
/** = authc

3) Restart the service.

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

colin_a_cunning — Sat, 04 Feb 2017 02:38:08 GMT

Thank you.

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

colin_a_cunning — Sat, 04 Feb 2017 02:40:29 GMT

Thank you. I restarted service but going to browser on :9995, I guess I still don't know how to switch from the user anonymous. below is how the tail of my shiro.ini [urls] section now reads in case you see any issue here.

-Colin

/api/version = anon

/** = anon

#/** = authc

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

colin_a_cunning — Sat, 04 Feb 2017 03:27:38 GMT

@Iraheja or @rguruvannagari . Thanks for both your answers. Any pointers how to switch users in Zeppelin? I'm stuck on anonymous still after restarting zeppelin w/ the above changes to my shiro.ini config file. I don't see a way in the zeppelin UI to switch users. I can update the 'credential' but I don't really know what that is for. I am clearly a zeppelin newbie. -Colin

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

rguruvannagari — Sat, 04 Feb 2017 04:26:49 GMT

Can you please provide shiro ini content ?

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

colin_a_cunning — Sat, 04 Feb 2017 04:59:31 GMT

[root@sandbox conf]# more shiro.ini

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
#admin = password1
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2


# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
#activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
#activeDirectoryRealm.systemUsername = CN=Administrator,CN=Users,DC=HW,DC=EXAMPLE,DC=COM
#activeDirectoryRealm.systemPassword = Password1!
#activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://user/zeppelin/zeppelin.jceks
#activeDirectoryRealm.searchBase = CN=Users,DC=HW,DC=TEST,DC=COM
#activeDirectoryRealm.url = ldap://ad-nano.test.example.com:389
#activeDirectoryRealm.groupRolesMap = ""
#activeDirectoryRealm.authorizationCachingEnabled = true


#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#ldapRealm.userDnTemplate = uid={0},cn=users,cn=accounts,dc=example,dc=com
#ldapRealm.contextFactory.url = ldap://ldaphost:389
#ldapRealm.contextFactory.authenticationMechanism = SIMPLE
#sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
#securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
#securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login


[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
/api/version = anon
/** = anon
#/** = authc

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

colin_a_cunning — Sat, 04 Feb 2017 05:38:14 GMT

@rguruvannagari. I don't know if it was the trick but I set the property zeppelin.anonymous.allowed to false in conf/zeppelin-site.xml and then restarted zeppelin. i also noticed that my shiro.ini changes were reversed or reset to the original. confused but now i was prompted for login. I used maria_dev and it worked. i will carry on w/ the tutorial.

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

arnabarnab — Wed, 22 Feb 2017 11:43:47 GMT

Its a two step process involving changes in 4 lines which i have marked below. Access shiro.ini from Ambari using admin user id only . Please note accessing it any other way will not be useful as it will not preserve the change and will keep getting overwritten every time the zapplin service is restarted.

So access shiro.ini in the following path : Ambari, Zeppelin > Configs > Advanced zeppelin-env > shiro_ini_content and make the following changes :

# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
maria_dev =<password>, admin #### <------Add this line #this is the first change#
#admin = password1, admin

Near the end of the file there you should file the following lines :

# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
#/api/version = anon <------comment this line #this is the second change#
#/** = anon <------comment this line #this is the third change#
/** = authc <------uncomment this line #this is the fourthchange#

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

arnabarnab — Wed, 22 Feb 2017 11:51:24 GMT

Its a two step process and has to be done from Ambari only. Otherwise the changes will not be retained in shiro.ini and it will get overwritten the moment zapplin service is restarted. Any way here are the steps :

from ambari Zeppelin > Configs > Advanced zeppelin-env > shiro_ini_content and change the following :

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
maria_dev =<password>, admin #### Add this line
#admin = password1, admin
#user1 = password2, role1, role2
#user2 = password3, role3
[urls]

B. Under URL section make the changes shown below :

[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
#/api/version = anon ## commened this line
#/** = anon ##commented this line
/** = authc ## uncommented this line

Then restart zapplin. try to log in again. This should solve the problem.