Community Articles
Find and share helpful community-sourced technical articles
Labels (1)
New Contributor

HDP Environment:

Secure cluster (kerberos enabled)

Users managed by Active Directory (AD)

SYMPTOMS:

When user tries to access the Falcon UI with the following address, they are prompted to enter their username and password:

http://<falcon server host>:15000/index.html?user.name=admin#/

After entering the correct AD username and password, user gets this exception in the UI:

10888-falcon-web-ui.jpg

Using curl to negotiate with Falcon UI URL has no issues.

ROOT CAUSE: User is not using kerberos to authenticate

RESOLUTION: In order to access the Falcon UI after enabling kerberos, user needs to authenticate using SPNEGO to negotiate with kerberos not with a user name and password.

Each browser supports SPNEGO, but configuration is different for each browser. Safari needs no further configuration.

After configuring your browser to negotiate using SPNEGO, user must kinit and can try to access the Falcon UI again.

1,354 Views
Don't have an account?
Version history
Revision #:
2 of 2
Last update:
‎08-17-2019 06:30 AM
Updated by:
 
Contributors
Top Kudoed Authors