Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)
New Contributor

HDP Environment:

Secure cluster (kerberos enabled)

Users managed by Active Directory (AD)

SYMPTOMS:

When user tries to access the Falcon UI with the following address, they are prompted to enter their username and password:

http://<falcon server host>:15000/index.html?user.name=admin#/

After entering the correct AD username and password, user gets this exception in the UI:

10888-falcon-web-ui.jpg

Using curl to negotiate with Falcon UI URL has no issues.

ROOT CAUSE: User is not using kerberos to authenticate

RESOLUTION: In order to access the Falcon UI after enabling kerberos, user needs to authenticate using SPNEGO to negotiate with kerberos not with a user name and password.

Each browser supports SPNEGO, but configuration is different for each browser. Safari needs no further configuration.

After configuring your browser to negotiate using SPNEGO, user must kinit and can try to access the Falcon UI again.

1,034 Views
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
2 of 2
Last update:
‎08-17-2019 06:30 AM
Updated by:
 
Contributors
Top Kudoed Authors