Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Error integration AD with Zeppelin - shiro.ini

Error integration AD with Zeppelin - shiro.ini

New Contributor

HI everyone,

I am working with zeppelin Zeppelin 0.7.0

I configure the shiro.ini in that way

activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
#activeDirectoryRealm.systemUsername =          

#activeDirectoryRealm.systemPassword =
activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks
activeDirectoryRealm.searchBase = CN=development,OU=DEV,DC=ad,DC=algo,DC=com
activeDirectoryRealm.url = ldaps://10.4.0.86:636
activeDirectoryRealm.groupRolesMap = "CN=ZeppelinGroup1,OU=DEV,DC=ad,DC=algo,DC=com":"ZeppelinGroup1"
activeDirectoryRealm.authorizationCachingEnabled = true

securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[roles]
role1 = *
role2 = *
role3 = *
admin = *
zeppelingroup1 = *

When i tried to log in zeppelin it appears a user or password incorrect.

In the zeppelin logs appear

 WARN [2017-10-21 23:13:29,117] ({qtp1757293506-15} LoginRestApi.java[postLogin]:115) - {"status":"FORBIDDEN","message":"","body":""}
ERROR [2017-10-21 23:13:35,999] ({qtp1757293506-15} LoginRestApi.java[postLogin]:107) - Exception in login:
org.apache.shiro.authc.AuthenticationException: Authentication token of type [class org.apache.shiro.authc.UsernamePasswordToken] could not be authenticated by any configured realms.  Please ensure that at least one realm can authenticate these tokens.
        at org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy.afterAllAttempts(AtLeastOneSuccessfulStrategy.java:54)
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:235)
        at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
        at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
        at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
        at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
        at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
        at org.apache.zeppelin.rest.LoginRestApi.postLogin(LoginRestApi.java:77)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)

Any help with this error, please?

Thanks in advance

2 REPLIES 2
Highlighted

Re: Error integration AD with Zeppelin - shiro.ini

New Contributor

Carlos, If you are using HDP 2.6 / Zeppelin 0.7.0 and upper use the following guide:

https://community.hortonworks.com/articles/105169/hdp-26-configuring-zeppelin-for-active-directory-u...

Best regards.

Highlighted

Re: Error integration AD with Zeppelin - shiro.ini

Explorer

Hi Carlos,

my guess is that you need to put values for activeDirectoryRealm.systemUsername and activeDirectoryRealm.systemPassword for zeppelin to be able to use your AD

thanks

Don't have an account?
Coming from Hortonworks? Activate your account here