Support Questions
Find answers, ask questions, and share your expertise

Error integration AD with Zeppelin - shiro.ini

Error integration AD with Zeppelin - shiro.ini

New Contributor

HI everyone,

I am working with zeppelin Zeppelin 0.7.0

I configure the shiro.ini in that way

activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
#activeDirectoryRealm.systemUsername =          

#activeDirectoryRealm.systemPassword =
activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks
activeDirectoryRealm.searchBase = CN=development,OU=DEV,DC=ad,DC=algo,DC=com
activeDirectoryRealm.url = ldaps://
activeDirectoryRealm.groupRolesMap = "CN=ZeppelinGroup1,OU=DEV,DC=ad,DC=algo,DC=com":"ZeppelinGroup1"
activeDirectoryRealm.authorizationCachingEnabled = true

securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

role1 = *
role2 = *
role3 = *
admin = *
zeppelingroup1 = *

When i tried to log in zeppelin it appears a user or password incorrect.

In the zeppelin logs appear

 WARN [2017-10-21 23:13:29,117] ({qtp1757293506-15}[postLogin]:115) - {"status":"FORBIDDEN","message":"","body":""}
ERROR [2017-10-21 23:13:35,999] ({qtp1757293506-15}[postLogin]:107) - Exception in login:
org.apache.shiro.authc.AuthenticationException: Authentication token of type [class org.apache.shiro.authc.UsernamePasswordToken] could not be authenticated by any configured realms.  Please ensure that at least one realm can authenticate these tokens.
        at org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy.afterAllAttempts(
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(
        at org.apache.shiro.authc.AbstractAuthenticator.authenticate(
        at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(
        at org.apache.shiro.mgt.DefaultSecurityManager.login(
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(
        at java.lang.reflect.Method.invoke(

Any help with this error, please?

Thanks in advance


Re: Error integration AD with Zeppelin - shiro.ini

New Contributor

Carlos, If you are using HDP 2.6 / Zeppelin 0.7.0 and upper use the following guide:

Best regards.


Re: Error integration AD with Zeppelin - shiro.ini


Hi Carlos,

my guess is that you need to put values for activeDirectoryRealm.systemUsername and activeDirectoryRealm.systemPassword for zeppelin to be able to use your AD