Community Articles

Find and share helpful community-sourced technical articles.
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Labels (1)
avatar
Contributor

HDP Environment:

Secure cluster (kerberos enabled)

Users managed by Active Directory (AD)

SYMPTOMS:

When user tries to access the Falcon UI with the following address, they are prompted to enter their username and password:

http://<falcon server host>:15000/index.html?user.name=admin#/

After entering the correct AD username and password, user gets this exception in the UI:

10888-falcon-web-ui.jpg

Using curl to negotiate with Falcon UI URL has no issues.

ROOT CAUSE: User is not using kerberos to authenticate

RESOLUTION: In order to access the Falcon UI after enabling kerberos, user needs to authenticate using SPNEGO to negotiate with kerberos not with a user name and password.

Each browser supports SPNEGO, but configuration is different for each browser. Safari needs no further configuration.

After configuring your browser to negotiate using SPNEGO, user must kinit and can try to access the Falcon UI again.

1,741 Views
Version history
Last update:
‎08-17-2019 06:30 AM
Updated by:
Contributors