Support Questions
Find answers, ask questions, and share your expertise

Is it possible to authenticate to Zeppelin REST API using just Kerberos? How?

Is it possible to authenticate to Zeppelin REST API using just Kerberos? How?

Explorer

I'm trying to simply run all paragraphs with a specific noteId and get a valid response, with the following call:

 

 

 

curl -s -i  --negotiate -u : \
    -H "Content-Type: application/json" \
    -H "Accept: application/json" \
    "https://localhost:9995/api/notebook/job/<noteid>"

 

 

 

Which based on the Zeppelin API documentation is the correct URL for the POST method for running all paragraphs of a note.

 

Also since this is a Kerberized environment I'm leveraging the 

 

 

--negotiate -u :

 

 

so it uses the appropriate keytab for authentication.

 

Like other cases I've found online, I get an HTTP 302 error and the redirect is to /api/login

 

 

HTTP/1.1 302 Found
Date: Tuesday, May 19, 2020 12:35:03 PM EDT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
X-FRAME-OPTIONS: SAMEORIGIN
Strict-Transport-Security: max-age=631138519
X-XSS-Protection: 1
Set-Cookie: JSESSIONID=776ba082-58e9-47bd-ad55-b85768c50a75; Path=/; HttpOnly
Location: https://localhost:9995/api/login;JSESSIONID=776ba082-58e9-47bd-ad55-b85768c50a75

 

 

 

When trying to authenticate to /api/login just using Kerberos credentials as https://community.cloudera.com/t5/Support-Questions/Authentication-with-the-Zeppelin-REST-API/td-p/1...:

 

 

curl -i --negotiate -u : -X POST "https://localhost:9995/api/login"

 

 

I get the following response:

 

 

HTTP/1.1 500 Request failed.
Date: Tuesday, May 19, 2020 12:19:12 PM EDT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
X-FRAME-OPTIONS: SAMEORIGIN
Strict-Transport-Security: max-age=631138519
X-XSS-Protection: 1
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Mon, 18-May-2020 16:19:12 GMT
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 305
Server: Jetty(9.2.15.v20160210)

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 500 Request failed.</title>
</head>
<body><h2>HTTP ERROR 500</h2>
<p>Problem accessing /api/login. Reason:
<pre>    Request failed.</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html>

 

 

 

What am I doing wrong here? Is it even possible to access Zeppelin REST API with just Kerberos credentials? If so, how?