Knox SSO - Shiro unable to login

New Contributor

I am trying to configure Knox 0.12 on HDP 2.6.1 for Active Directory authentication, based on the Hortonworks documentation and a community forum reference.


In the advanced admin topology, I configured the necessary parameters based on the above document, and when I execute the curl statement, I get an "HTTP/1.1 403 Forbidden" error. When I checked gateway.log, the Computed userDn and Computed roles/groups are proper and match my LDAP setup. But then it errors out, and I couldn't find where it fails.


In the KnoxSSO topology, I am using a userDnTemplate that refers to sAMAccountName (sAMAccountName={0},ou=Accounts,...).

This fails with the error:

2018-05-25 10:09:30,022 INFO hadoop.gateway ( - Could not login: org.apache.shiro.authc.UsernamePasswordToken - <sAMAccountName>

2018-05-25 10:09:30,023 ERROR hadoop.gateway ( - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]

I would appreciate the community's help with the steps to fix the issue.
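
Added example (not part of the original post and not Knox code): a small Python parser that pulls the Active Directory bind-failure sub-code out of gateway.log lines like the ERROR line quoted above and decodes it. The function names are hypothetical, the sub-code table lists the commonly documented AD `data` values, and the third sample line is constructed.

```python
import re
from collections import Counter

# Active Directory reports the reason for an LDAP result code 49 bind failure
# as a hex Windows logon error in the "data" field of the diagnostic message.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

BIND_ERROR = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) .*?"
    r"LDAP: error code (?P<code>\d+)\b.*?\bdata (?P<data>[0-9a-fA-F]+),"
)

def decode_bind_failures(lines):
    """Return one dict per AD bind failure found in gateway.log lines."""
    failures = []
    for line in lines:
        m = BIND_ERROR.search(line)
        if m:
            sub = int(m.group("data"), 16)
            failures.append({"timestamp": m.group("ts"), "ldap_code": int(m.group("code")),
                             "subcode": f"{sub:x}", "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code")})
    return failures

def summarize(failures):
    """Count failures per sub-code, e.g. to separate bad binds from lockouts."""
    return Counter(f["subcode"] for f in failures)

# Sample input: the two gateway.log lines from the post, followed by one
# CONSTRUCTED line (same format, different sub-code) for illustration.
SAMPLE_LOG = [
    "2018-05-25 10:09:30,022 INFO hadoop.gateway ( - Could not login: org.apache.shiro.authc.UsernamePasswordToken - <sAMAccountName>",
    "2018-05-25 10:09:30,023 ERROR hadoop.gateway ( - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]",
    "2018-05-25 10:12:01,100 ERROR hadoop.gateway ( - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580]",
]

if __name__ == "__main__":
    for failure in decode_bind_failures(SAMPLE_LOG):
        print(failure)
    print(dict(summarize(decode_bind_failures(SAMPLE_LOG))))
```

For the `data 52e` line in the post, the decoded meaning is that AD rejected the bind name and password pair Knox sent, so the DN produced by `userDnTemplate` is the first thing to compare against the account's actual `distinguishedName`.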


Re: Knox SSO - Shiro unable to login

New Contributor

I am having the same error. Any help will be appreciated.