Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDP 2.5: Ranger via Knox SSO, Login redirect issue

HDP 2.5: Ranger via Knox SSO, Login redirect issue

New Contributor

I have installed and started both Ranger and Knox in our cluster.

Knox Ranger Plugin enabled in the Ranger and Knox SSO enabled in Ranger Advanced configuration settings.

Knox SSO applied perfectly in Ranger Admin UI but when I can not able to login using the username and password in the Demo LDAP server.

user: guest

pass: guest-password.

11816-knox-sso.png

I have verified the knox gateway.log and could not find any error,

2017-01-27 06:48:29,286 INFO service.knoxsso (WebSSOResource.java:getAuthenticationToken(179)) - About to redirect to original URL

I got the above message once click on the "Sign in" button in Knox SSO login page. Knox trying to redirect to original URL (Ranger URL) but nothing happened after that.

I could not see the main page (Service Manager page) in Ranger using Knox SSO.

Thanks,

Uvaraj.S

7 REPLIES 7

Re: HDP 2.5: Ranger via Knox SSO, Login redirect issue

Super Collaborator

Have you checked the topology configuration in 'Advanced topology' on Ambari Knox Config ?

11818-screen-shot-2017-01-27-at-14105-pm.png

Re: HDP 2.5: Ranger via Knox SSO, Login redirect issue

@Uvaraj Seerangan

Can you please cross check your settings by following my article at https://community.hortonworks.com/articles/78361/configure-knox-to-access-ambari-ui.html

Re: HDP 2.5: Ranger via Knox SSO, Login redirect issue

New Contributor
@apappu

The link you have provided is about UI access using Knox Gateway but question I have posted about Knox SSO. So please let me know if there any resource about Knox SSO. I have followed the below link but login redirect is not working,

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/setting_up_knox_sso_for...

Thanks,

Uvaraj.S

Re: HDP 2.5: Ranger via Knox SSO, Login redirect issue

New Contributor

@Jasper

Yes I have checked the Knox "Advanced topology", it seems fine and I can able to see Knox SSO login screen when land into Ranger Admin UI.

The problem is after entered the valid username and password, it has to land into Ranger Service Manager page but it did not happen and no error in the log.

Re: HDP 2.5: Ranger via Knox SSO, Login redirect issue

New Contributor

Did you ever find a solution for this problem? I'm facing a similar issue.

Re: HDP 2.5: Ranger via Knox SSO, Login redirect issue

New Contributor

hey,did u able to resolve this issue?

Highlighted

Re: HDP 2.5: Ranger via Knox SSO, Login redirect issue

Rising Star

@Uvaraj Seerangan

Three things that can go wrong here.

1) The KnoxSSO expects a valid hostname with domain name, as the cookie will be set for that specific domain. So your hostname needs to be in format "{somehost}.{someorganisation}.{someTLD}", e.g. knoxhost.example.com. You can achieve this by making an extra entry in your /etc/hosts file at all the participating nodes in SSO e.g. Ambari, Ranger, Knox, etc.

2) You need to provide Knox SSL certificate as "SSO Public Key" value in Ranger Config. Easiest way to get it, is below command. Paste the content between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" as "SSO Public Key" value.

openssl s_client -connect knoxhost.example.com:8443</dev/null| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'> knoxssoRanger.crt

3) Increase the value of "knoxsso.token.ttl" property inside Advanced Knoxsso Topplogy sufficiently.

Don't have an account?
Coming from Hortonworks? Activate your account here