I have HCP 1.5 kerberised cluster setup on AWS under private VPC. I have configured AWS Loadbalancer to access my Storm UI component. I have setup kerberose client and configured my browser for sepngo authentication. However I am getting 403 error when accessing storm UI using loadbalancer. After analysis I found my browser client uses host name ( Load balancer's domain name) component in kerberose principle (HTTP/myLoadBalancerDns.us-east-1.elb.amazonaws.com@EXAMPLE.COM). I have created this principal and the successfully obtained tgt for this principal from my windows client using keytab file as well.
Seems authentication is going on but authorisation is having issue. What should be missing here ? I could see all the other storm components have an entry in `storm_jaas.conf` file in my storm installation file. Am I missing something here for the newly created principle ? How to configure spengo in storm for accessing over load balancer.