Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Error integration AD with Zeppelin - shiro.ini

Labels:
avatar
author-rank czam01
Explorer

Created ‎10-21-2017 11:22 PM

HI everyone,

I am working with zeppelin Zeppelin 0.7.0

I configure the shiro.ini in that way 

activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
#activeDirectoryRealm.systemUsername =          

#activeDirectoryRealm.systemPassword =
activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks
activeDirectoryRealm.searchBase = CN=development,OU=DEV,DC=ad,DC=algo,DC=com
activeDirectoryRealm.url = ldaps://10.4.0.86:636
activeDirectoryRealm.groupRolesMap = "CN=ZeppelinGroup1,OU=DEV,DC=ad,DC=algo,DC=com":"ZeppelinGroup1"
activeDirectoryRealm.authorizationCachingEnabled = true

securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[roles]
role1 = *
role2 = *
role3 = *
admin = *
zeppelingroup1 = *

When i tried to log in zeppelin it appears a user or password incorrect.

In the zeppelin logs appear

 WARN [2017-10-21 23:13:29,117] ({qtp1757293506-15} LoginRestApi.java[postLogin]:115) - {"status":"FORBIDDEN","message":"","body":""}
ERROR [2017-10-21 23:13:35,999] ({qtp1757293506-15} LoginRestApi.java[postLogin]:107) - Exception in login:
org.apache.shiro.authc.AuthenticationException: Authentication token of type [class org.apache.shiro.authc.UsernamePasswordToken] could not be authenticated by any configured realms.  Please ensure that at least one realm can authenticate these tokens.
        at org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy.afterAllAttempts(AtLeastOneSuccessfulStrategy.java:54)
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:235)
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
        at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
        at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
        at org.apache.zeppelin.rest.LoginRestApi.postLogin(LoginRestApi.java:77)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)

Any help with this error, please?

Thanks in advance

3,768 Views
0 Kudos
2 REPLIES 2

avatar
author-rank leaxael
New Contributor

Created ‎10-23-2017 05:03 PM

Carlos, If you are using HDP 2.6 / Zeppelin 0.7.0 and upper use the following guide:

https://community.hortonworks.com/articles/105169/hdp-26-configuring-zeppelin-for-active-directory-u...

Best regards.

2,842 Views

avatar
author-rank manuel_sb
Explorer

Created ‎05-30-2018 07:27 AM

Hi Carlos,

my guess is that you need to put values for activeDirectoryRealm.systemUsername and activeDirectoryRealm.systemPassword for zeppelin to be able to use your AD

thanks

2,842 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements