Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Unable to access Falcon UI in kerberized environment, requests to verify user name and password

Labels (1)
Labels:
avatar
author-rank zstai
Contributor

Created on ‎12-28-2016 11:05 PM - edited ‎08-17-2019 06:30 AM

HDP Environment:

Secure cluster (kerberos enabled)

Users managed by Active Directory (AD)

SYMPTOMS:

When user tries to access the Falcon UI with the following address, they are prompted to enter their username and password:

http://<falcon server host>:15000/index.html?user.name=admin#/

After entering the correct AD username and password, user gets this exception in the UI:

10888-falcon-web-ui.jpg

Using curl to negotiate with Falcon UI URL has no issues.

ROOT CAUSE: User is not using kerberos to authenticate

RESOLUTION: In order to access the Falcon UI after enabling kerberos, user needs to authenticate using SPNEGO to negotiate with kerberos not with a user name and password.

Each browser supports SPNEGO, but configuration is different for each browser. Safari needs no further configuration.

After configuring your browser to negotiate using SPNEGO, user must kinit and can try to access the Falcon UI again.

1,817 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements
Version history
Last update:
‎08-17-2019 06:30 AM
Updated by:
Contributor
Contributors