Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Error integration AD with Zeppelin - shiro.ini

Error integration AD with Zeppelin - shiro.ini

New Contributor

HI everyone,

I am working with zeppelin Zeppelin 0.7.0

I configure the shiro.ini in that way

activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
#activeDirectoryRealm.systemUsername =          

#activeDirectoryRealm.systemPassword =
activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks
activeDirectoryRealm.searchBase = CN=development,OU=DEV,DC=ad,DC=algo,DC=com
activeDirectoryRealm.url = ldaps://
activeDirectoryRealm.groupRolesMap = "CN=ZeppelinGroup1,OU=DEV,DC=ad,DC=algo,DC=com":"ZeppelinGroup1"
activeDirectoryRealm.authorizationCachingEnabled = true

securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

role1 = *
role2 = *
role3 = *
admin = *
zeppelingroup1 = *

When i tried to log in zeppelin it appears a user or password incorrect.

In the zeppelin logs appear

 WARN [2017-10-21 23:13:29,117] ({qtp1757293506-15}[postLogin]:115) - {"status":"FORBIDDEN","message":"","body":""}
ERROR [2017-10-21 23:13:35,999] ({qtp1757293506-15}[postLogin]:107) - Exception in login:
org.apache.shiro.authc.AuthenticationException: Authentication token of type [class org.apache.shiro.authc.UsernamePasswordToken] could not be authenticated by any configured realms.  Please ensure that at least one realm can authenticate these tokens.
        at org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy.afterAllAttempts(
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(
        at org.apache.shiro.authc.AbstractAuthenticator.authenticate(
        at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(
        at org.apache.shiro.mgt.DefaultSecurityManager.login(
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(
        at java.lang.reflect.Method.invoke(

Any help with this error, please?

Thanks in advance


Re: Error integration AD with Zeppelin - shiro.ini

New Contributor

Carlos, If you are using HDP 2.6 / Zeppelin 0.7.0 and upper use the following guide:

Best regards.


Re: Error integration AD with Zeppelin - shiro.ini


Hi Carlos,

my guess is that you need to put values for activeDirectoryRealm.systemUsername and activeDirectoryRealm.systemPassword for zeppelin to be able to use your AD


Don't have an account?
Coming from Hortonworks? Activate your account here