Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Knox SSO not working for Ambari

Highlighted

Knox SSO not working for Ambari

Contributor

Hello Team,

Our environment consist of Ambari-2.7 and HDP-3.1. We have synced AD/LDAP users in Ambari.

Using 'ambari-server setup-sso' command, we have setup KnoxSSO for Ambari. But when I login to ambari, it is successfully getting redirected to knox gateway and after i give credentials it goes to ambari ui and then coming back to knox gateway UI screen as shown below:107183-1552563617676.png

The gateway.log shows Authentication successful message but still its redirecting again to login page.

Here is the content of gateway.log file:

2019-03-14 11:26:06,049 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:createToken(308)) - Attempting to execute login with headers [Basic aGRwdXNlcjpSZWRoYXRAMTIz]
2019-03-14 11:26:06,066 DEBUG ldap.JndiLdapRealm (JndiLdapRealm.java:queryForAuthenticationInfo(369)) - Authenticating user 'hdpuser' through LDAP
2019-03-14 11:26:06,066 DEBUG ldap.JndiLdapContextFactory (JndiLdapContextFactory.java:getLdapContext(488)) - Initializing LDAP context using URL [ldap://WIN-N66EE.hdp.com:389] and principal [cn=hdpuser,ou=hdpcloud,dc=hdp,dc=com] with pooling disabled
2019-03-14 11:26:06,400 DEBUG realm.AuthenticatingRealm (AuthenticatingRealm.java:getAuthenticationInfo(569)) - Looked up AuthenticationInfo [hdpuser] from doGetAuthenticationInfo
2019-03-14 11:26:06,400 DEBUG credential.SimpleCredentialsMatcher (SimpleCredentialsMatcher.java:equals(95)) - Performing credentials equality check for tokenCredentials of type [org.apache.shiro.crypto.hash.SimpleHash and accountCredentials of type [org.apache.shiro.crypto.hash.SimpleHash]
2019-03-14 11:26:06,401 DEBUG credential.SimpleCredentialsMatcher (SimpleCredentialsMatcher.java:equals(101)) - Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
2019-03-14 11:26:06,401 DEBUG authc.AbstractAuthenticator (AbstractAuthenticator.java:authenticate(233)) - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - hdpuser, rememberMe=false (202.149.217.138)].  Returned account [hdpuser]
2019-03-14 11:26:06,401 DEBUG support.DefaultSubjectContext (DefaultSubjectContext.java:resolveSecurityManager(102)) - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2019-03-14 11:26:06,402 DEBUG support.DefaultSubjectContext (DefaultSubjectContext.java:resolveSecurityManager(102)) - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2019-03-14 11:26:06,539 DEBUG servlet.SimpleCookie (SimpleCookie.java:addCookieHeader(226)) - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/gateway/knoxsso; Max-Age=0; Expires=Wed, 13-Mar-2019 11:26:06 GMT]
2019-03-14 11:26:06,539 DEBUG mgt.AbstractRememberMeManager (AbstractRememberMeManager.java:onSuccessfulLogin(290)) - AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
2019-03-14 11:26:06,540 DEBUG realm.AuthorizingRealm (AuthorizingRealm.java:getAuthorizationCacheLazy(234)) - No authorizationCache instance set.  Checking for a cacheManager...
2019-03-14 11:26:06,557 INFO  realm.AuthorizingRealm (AuthorizingRealm.java:getAuthorizationCacheLazy(248)) - No cache or cacheManager properties have been set.  Authorization cache cannot be obtained.
2019-03-14 11:26:35,316 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:sendChallenge(274)) - Authentication required: sending 401 Authentication challenge response.
















Attached KnoxSSO file for reference.knoxsso.txt


How to resolve it? Please suggest.


Thanks,

Bhushan