Secure cluster (kerberos enabled)
Users managed by Active Directory (AD)
When user tries to access the Falcon UI with the following address, they are prompted to enter their username and password:
http://<falcon server host>:15000/index.html?user.name=admin#/
After entering the correct AD username and password, user gets this exception in the UI:
Using curl to negotiate with Falcon UI URL has no issues.
ROOT CAUSE: User is not using kerberos to authenticate
RESOLUTION: In order to access the Falcon UI after enabling kerberos, user needs to authenticate using SPNEGO to negotiate with kerberos not with a user name and password.
Each browser supports SPNEGO, but configuration is different for each browser. Safari needs no further configuration.
After configuring your browser to negotiate using SPNEGO, user must kinit and can try to access the Falcon UI again.