Support Questions
Find answers, ask questions, and share your expertise

SAM Knox SSO HDP 3.1.0 and HDF 3.4.0 Doesn't Work

Rising Star

Can someone point me to the documentation for Single Sign on Support in SAM. Can't find it mentioned anywhere and I can't get it working. I see in the streamline.log where it saw the hadoop-jwt cookie and extracted my username but every call in the ui just returns this error.

{"responseMessage":"Not authorized"}

Adding some debug logs I can see everything seems to have authenticated.

INFO   [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  authentication request received...
INFO   [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  hadoop-jwt cookie has been found and is being processed
DEBUG  [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  JWT token is in a SIGNED state
DEBUG  [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  JWT token signature is not null
DEBUG  [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  JWT token has been successfully verified
DEBUG  [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  JWT token expiration date has been successfully validated
INFO   [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  USERNAME: sweeks
DEBUG  [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  Issuing AuthenticationToken for user.
DEBUG  [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.AuthenticationFilter -  Request [] user [sweeks] authenticated
DEBUG  [2019-03-29 09:38:39.630] [dw-67 - GET /api/v1/config/streamline] c.h.s.s.s.a.StreamlineKerberosRequestFilter -  Method: GET, AuthType: jwt, RemoteUser: sweeks, UserPrincipal: u=sweeks&p=sweeks&t=jwt&e=1553870349626, Scheme: http

Rising Star

So it turns out the patch for this hasn't been merged into HDF 3.4.0 yet and despite Ambari enabling SSO for SAM it's broken. See

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.