Support Questions

Knox LDAP cache - Forbidden after second try.

Expert Contributor

Hi,

The first time I send a request via curl through Knox I get HTTP 200, but if I send the same request again and again, I get HTTP 403 Forbidden. After some time the response is HTTP 200 again. It is caused by the Knox LDAP cache: if I turn off that cache I do not have this problem (the parameter is main.ldapRealm.authenticationCachingEnabled). How can I resolve this problem with the cache enabled?

Thank you.
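For readers who want to see where that parameter lives, this is an added illustration (not part of the original post, and not the poster's own topology) of the Shiro caching block in a Knox topology file as documented in the Apache Knox user guide. The surrounding provider section, the ldapRealm class and the LDAP connection parameters are omitted; the poster uses a custom realm class with a group filter, so the realm definition would differ from the stock KnoxLdapRealm. Setting the last parameter to `false` is the workaround described above, while `true` re-enables the cache that the thread is troubleshooting.

```xml
<!-- Added example: Knox topology excerpt (authentication provider params only).
     Assumes the standard Shiro provider; the realm definition is not shown. -->
<provider>
    <role>authentication</role>
    <name>ShiroProvider</name>
    <enabled>true</enabled>

    <!-- Cache manager used by the Shiro security manager -->
    <param>
        <name>main.cacheManager</name>
        <value>org.apache.shiro.cache.MemoryConstrainedCacheManager</value>
    </param>
    <param>
        <name>main.securityManager.cacheManager</name>
        <value>$cacheManager</value>
    </param>

    <!-- The parameter named in the question: true enables caching of
         LDAP authentication results, false disables it (the workaround). -->
    <param>
        <name>main.ldapRealm.authenticationCachingEnabled</name>
        <value>true</value>
    </param>
</provider>
```

With caching enabled, the first request authenticates against LDAP and the result is stored by the cache manager; later requests are served from the cache until the entry expires, which matches the pattern of a 200 followed by 403s and then a 200 again once the cached entry is gone.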

3 REPLIES

Re: Knox LDAP cache - Forbidden after second try.

Explorer

Hi, please provide some more information so that we can help diagnose the issue. What release of Knox are you using? Can you share your topology file and the related excerpt from gateway.log? If you can turn on debug logging and capture that log information, it would be great.

Re: Knox LDAP cache - Forbidden after second try.

Contributor

In addition to what Sumit has requested, please check the gateway-audit.log to see where the 403 is coming from. It is either from the backend service or from the gateway itself. The audit log should shed some light on that.

Re: Knox LDAP cache - Forbidden after second try.

Expert Contributor

Thank you for the responses. The problem is that I get a limit-exceeded error when I do not use a group filter (over 1000 groups in AD). I use my own class with a group filter, because Knox does not support it anyway. From gateway-audit.log: on the first try I obtain the groups for my user successfully, but on the second try I do not obtain the groups for my user.