Knox SSO - Shiro unable to login

New Contributor

I am trying to configure Knox 0.12 on HDP 2.6.1 for Active Directory authentication, based on Hortonworks documentation and community forum reference https://community.hortonworks.com/articles/114601/how-to-configure-and-troubleshoot-a-knox-topology....

Issue#1

On the advance admin topology, I configured the necessary parameters based on the above document, and when I execute the curl statement, I get an "HTTP/1.1 403 Forbidden" error. When I checked gateway.log, the Computed userDn and Computed roles/groups are proper and match my LDAP setup. But then it errors out, and I couldn't find where it fails.

Issue#2

On the KnoxSSO topology, I am using a userDnTemplate where sAMAccountName is referenced (sAMAccountName={0},ou=Accounts,...)

This fails with error

2018-05-25 10:09:30,022 INFO hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(203)) - Could not login: org.apache.shiro.authc.UsernamePasswordToken - <sAMAccountName>

2018-05-25 10:09:30,023 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]

I would appreciate the community's help with the steps to fix the issue.
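
An added example, not part of the original post and not Knox or Hortonworks code: a small triage script that pairs the two gateway.log lines quoted above and decodes the Active Directory sub-code in the `data` field of LDAP error 49. The sample log lines, the user names `jdoe` and `svc_knox`, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Sub-codes Active Directory reports in the "data" field of an LDAP error 49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bind identity or password rejected)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
PRINCIPAL_RE = re.compile(r"Could not login: \S+ - (?P<principal>[^,\s]+)")
ERROR49_RE = re.compile(r"LDAP: error code 49 .*?\bdata (?P<code>[0-9a-fA-F]+),")

# Constructed sample in the format of the log lines quoted in the question.
SAMPLE_LOG = """\
2018-05-25 10:09:30,022 INFO hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(203)) - Could not login: org.apache.shiro.authc.UsernamePasswordToken - jdoe
2018-05-25 10:09:30,023 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]
2018-05-25 10:11:02,410 INFO hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(203)) - Could not login: org.apache.shiro.authc.UsernamePasswordToken - svc_knox
2018-05-25 10:11:02,411 ERROR hadoop.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(205)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580]
"""

def triage(lines):
    """Pair each 'Could not login' line with the LDAP error 49 line that follows it."""
    findings, pending = [], None
    for line in lines:
        m = PRINCIPAL_RE.search(line)
        if m:
            pending = m.group("principal")  # remember who tried to log in
            continue
        m = ERROR49_RE.search(line)
        if m:
            code = m.group("code").lower()
            findings.append({"principal": pending or "<unknown>", "code": code,
                             "meaning": AD_BIND_SUBCODES.get(code, "unrecognized sub-code")})
            pending = None
    return findings

def summarize(findings):
    """Count bind failures per (principal, sub-code) pair."""
    return Counter((f["principal"], f["code"]) for f in findings)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['principal']}: data {f['code']} -> {f['meaning']}")
```

For the log in the question, `data 52e` decodes to invalid credentials: Active Directory rejected the bind identity or password that Knox computed from the userDnTemplate.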

1 REPLY

Re: Knox SSO - Shiro unable to login

New Contributor

I am having the same error. Any help will be appreciated.