Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

SAM Knox SSO HDP 3.1.0 and HDF 3.4.0 Doesn't Work

Highlighted

SAM Knox SSO HDP 3.1.0 and HDF 3.4.0 Doesn't Work

Rising Star

Can someone point me to the documentation for Single Sign on Support in SAM. Can't find it mentioned anywhere and I can't get it working. I see in the streamline.log where it saw the hadoop-jwt cookie and extracted my username but every call in the ui just returns this error.

{"responseMessage":"Not authorized"}


Adding some debug logs I can see everything seems to have authenticated.

INFO   [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  authentication request received...
INFO   [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  hadoop-jwt cookie has been found and is being processed
DEBUG  [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  JWT token is in a SIGNED state
DEBUG  [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  JWT token signature is not null
DEBUG  [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  JWT token has been successfully verified
DEBUG  [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  JWT token expiration date has been successfully validated
INFO   [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  USERNAME: sweeks
DEBUG  [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler -  Issuing AuthenticationToken for user.
DEBUG  [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.AuthenticationFilter -  Request [http://hdp31-df1.dev.example.com:7777/api/v1/config/streamline] user [sweeks] authenticated
DEBUG  [2019-03-29 09:38:39.630] [dw-67 - GET /api/v1/config/streamline] c.h.s.s.s.a.StreamlineKerberosRequestFilter -  Method: GET, AuthType: jwt, RemoteUser: sweeks, UserPrincipal: u=sweeks&p=sweeks&t=jwt&e=1553870349626, Scheme: http
1 REPLY 1

Re: SAM Knox SSO HDP 3.1.0 and HDF 3.4.0 Doesn't Work

Rising Star

So it turns out the patch for this hasn't been merged into HDF 3.4.0 yet and despite Ambari enabling SSO for SAM it's broken. See https://github.com/hortonworks/streamline/issues/1330

Don't have an account?
Coming from Hortonworks? Activate your account here