Can someone point me to the documentation for Single Sign on Support in SAM. Can't find it mentioned anywhere and I can't get it working. I see in the streamline.log where it saw the hadoop-jwt cookie and extracted my username but every call in the ui just returns this error.
{"responseMessage":"Not authorized"}
Adding some debug logs I can see everything seems to have authenticated.
INFO [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler - authentication request received...
INFO [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler - hadoop-jwt cookie has been found and is being processed
DEBUG [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler - JWT token is in a SIGNED state
DEBUG [2019-03-29 09:38:39.621] [dw-67] c.h.r.a.s.JWTAuthenticationHandler - JWT token signature is not null
DEBUG [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler - JWT token has been successfully verified
DEBUG [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler - JWT token expiration date has been successfully validated
INFO [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler - USERNAME: sweeks
DEBUG [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.JWTAuthenticationHandler - Issuing AuthenticationToken for user.
DEBUG [2019-03-29 09:38:39.626] [dw-67] c.h.r.a.s.AuthenticationFilter - Request [http://hdp31-df1.dev.example.com:7777/api/v1/config/streamline] user [sweeks] authenticated
DEBUG [2019-03-29 09:38:39.630] [dw-67 - GET /api/v1/config/streamline] c.h.s.s.s.a.StreamlineKerberosRequestFilter - Method: GET, AuthType: jwt, RemoteUser: sweeks, UserPrincipal: u=sweeks&p=sweeks&t=jwt&e=1553870349626, Scheme: http