Created on 01-27-2017 06:57 AM - edited 08-18-2019 06:11 AM
I have installed and started both Ranger and Knox in our cluster.
The Knox Ranger plugin is enabled in Ranger, and Knox SSO is enabled in the Ranger Advanced configuration settings.
Knox SSO is applied perfectly in the Ranger Admin UI, but I am not able to log in using the username and password from the Demo LDAP server.
user: guest
pass: guest-password.
I have verified the Knox gateway.log and could not find any error:
2017-01-27 06:48:29,286 INFO service.knoxsso (WebSSOResource.java:getAuthenticationToken(179)) - About to redirect to original URL
I got the above message once I clicked on the "Sign in" button on the Knox SSO login page. Knox is trying to redirect to the original URL (the Ranger URL), but nothing happened after that.
I could not see the main page (Service Manager page) in Ranger using Knox SSO.
Thanks,
Uvaraj.S
Created on 01-27-2017 12:46 PM - edited 08-18-2019 06:10 AM
Have you checked the topology configuration in 'Advanced topology' in the Ambari Knox config?
Created 01-27-2017 05:23 PM
Can you please cross check your settings by following my article at https://community.hortonworks.com/articles/78361/configure-knox-to-access-ambari-ui.html
Created 01-30-2017 04:44 AM
The link you have provided is about UI access using the Knox Gateway, but the question I have posted is about Knox SSO. So please let me know if there is any resource about Knox SSO. I have followed the below link but the login redirect is not working,
Thanks,
Uvaraj.S
Created 01-30-2017 04:46 AM
Yes, I have checked the Knox "Advanced topology"; it seems fine, and I am able to see the Knox SSO login screen when I land on the Ranger Admin UI.
The problem is that after entering the valid username and password, it has to land on the Ranger Service Manager page, but that did not happen and there is no error in the log.
Created 06-13-2017 06:00 PM
Did you ever find a solution for this problem? I'm facing a similar issue.
Created 08-11-2017 09:46 AM
Hey, were you able to resolve this issue?
Created 08-18-2017 07:17 AM
Three things that can go wrong here.
1) KnoxSSO expects a valid hostname with a domain name, as the cookie will be set for that specific domain. So your hostname needs to be in the format "{somehost}.{someorganisation}.{someTLD}", e.g. knoxhost.example.com. You can achieve this by making an extra entry in the /etc/hosts file on all the nodes participating in SSO, e.g. Ambari, Ranger, Knox, etc.
2) You need to provide the Knox SSL certificate as the "SSO Public Key" value in the Ranger config. The easiest way to get it is the command below. Paste the content between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" as the "SSO Public Key" value.
openssl s_client -connect knoxhost.example.com:8443 </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > knoxssoRanger.crt
3) Increase the value of the "knoxsso.token.ttl" property inside the Advanced Knoxsso Topology sufficiently.
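The first two checks from the answer above, as an added shell example that is not part of the original thread: one function tests that a hostname has the host.organisation.tld shape, the other pulls the text between the BEGIN/END markers out of a saved certificate file such as knoxssoRanger.crt. The function names, the rule that the name must contain a letter, the choice to join the body onto one line, and the sample PEM text (constructed, not a real certificate) are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from Knox/Ranger.

# Succeeds only for names shaped like host.organisation.tld (three or more
# dot-separated labels). Bare hostnames and IP addresses fail (assumption:
# a usable name contains at least one letter).
is_sso_hostname() {
    case "$1" in
        *..*|.*|*.) return 1 ;;   # empty label
        *.*.*) ;;                 # at least three labels
        *) return 1 ;;
    esac
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9.-]+$' || return 1
    printf '%s' "$1" | grep -Eq '[A-Za-z]'
}

# Reads PEM text on stdin and prints the body of the FIRST certificate on one
# line, without the marker lines. Fails if no complete certificate is found.
sso_public_key_body() {
    tr -d '\r' | awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) { done = 1; exit } }
        inside { body = body $0 }
        END { if (!done || body == "") exit 1; print body }
    '
}

# Constructed sample input: s_client-style chatter plus two placeholder blocks.
sample_pem() {
    cat <<'EOF'
depth=0 CN = knoxhost.example.com
-----BEGIN CERTIFICATE-----
AAAACONSTRUCTEDSAMPLEBODYLINE1AAAA
BBBBCONSTRUCTEDSAMPLEBODYLINE2BBBB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CCCCSECONDBLOCKIGNOREDCCCC
-----END CERTIFICATE-----
EOF
}

# Demo run on the constructed sample.
for h in knoxhost.example.com knoxhost 10.0.0.5; do
    if is_sso_hostname "$h"; then echo "$h: ok"; else echo "$h: needs a domain name"; fi
done
sample_pem | sso_public_key_body
```

On a real node, feed the saved file instead of the sample: `sso_public_key_body < knoxssoRanger.crt`.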