Support Questions

Hello Team,

Our environment consist of Ambari-2.7 and HDP-3.1. We have synced AD/LDAP users in Ambari.

Using 'ambari-server setup-sso' command, we have setup KnoxSSO for Ambari. But when I login to ambari, it is successfully getting redirected to knox gateway and after i give credentials it goes to ambari ui and then coming back to knox gateway UI screen as shown below:

The gateway.log shows Authentication successful message but still its redirecting again to login page.

Here is the content of gateway.log file:

2019-03-14 11:26:06,049 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:createToken(308)) - Attempting to execute login with headers [Basic aGRwdXNlcjpSZWRoYXRAMTIz]
2019-03-14 11:26:06,066 DEBUG ldap.JndiLdapRealm (JndiLdapRealm.java:queryForAuthenticationInfo(369)) - Authenticating user 'hdpuser' through LDAP
2019-03-14 11:26:06,066 DEBUG ldap.JndiLdapContextFactory (JndiLdapContextFactory.java:getLdapContext(488)) - Initializing LDAP context using URL [ldap://WIN-N66EE.hdp.com:389] and principal [cn=hdpuser,ou=hdpcloud,dc=hdp,dc=com] with pooling disabled
2019-03-14 11:26:06,400 DEBUG realm.AuthenticatingRealm (AuthenticatingRealm.java:getAuthenticationInfo(569)) - Looked up AuthenticationInfo [hdpuser] from doGetAuthenticationInfo
2019-03-14 11:26:06,400 DEBUG credential.SimpleCredentialsMatcher (SimpleCredentialsMatcher.java:equals(95)) - Performing credentials equality check for tokenCredentials of type [org.apache.shiro.crypto.hash.SimpleHash and accountCredentials of type [org.apache.shiro.crypto.hash.SimpleHash]
2019-03-14 11:26:06,401 DEBUG credential.SimpleCredentialsMatcher (SimpleCredentialsMatcher.java:equals(101)) - Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
2019-03-14 11:26:06,401 DEBUG authc.AbstractAuthenticator (AbstractAuthenticator.java:authenticate(233)) - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - hdpuser, rememberMe=false (202.149.217.138)].  Returned account [hdpuser]
2019-03-14 11:26:06,401 DEBUG support.DefaultSubjectContext (DefaultSubjectContext.java:resolveSecurityManager(102)) - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2019-03-14 11:26:06,402 DEBUG support.DefaultSubjectContext (DefaultSubjectContext.java:resolveSecurityManager(102)) - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2019-03-14 11:26:06,539 DEBUG servlet.SimpleCookie (SimpleCookie.java:addCookieHeader(226)) - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/gateway/knoxsso; Max-Age=0; Expires=Wed, 13-Mar-2019 11:26:06 GMT]
2019-03-14 11:26:06,539 DEBUG mgt.AbstractRememberMeManager (AbstractRememberMeManager.java:onSuccessfulLogin(290)) - AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
2019-03-14 11:26:06,540 DEBUG realm.AuthorizingRealm (AuthorizingRealm.java:getAuthorizationCacheLazy(234)) - No authorizationCache instance set.  Checking for a cacheManager...
2019-03-14 11:26:06,557 INFO  realm.AuthorizingRealm (AuthorizingRealm.java:getAuthorizationCacheLazy(248)) - No cache or cacheManager properties have been set.  Authorization cache cannot be obtained.
2019-03-14 11:26:35,316 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:sendChallenge(274)) - Authentication required: sending 401 Authentication challenge response.

Attached KnoxSSO file for reference.knoxsso.txt

How to resolve it? Please suggest.

Thanks,

Bhushan