KnoxSSO for Atlas does not redirect back to Atlas UI post authentication

Explorer

Team,

Please find the cluster details below.

HDP: 2.6.3

Ambari: 2.6

knoxSSO: Integrated with openldap

Issue:

Configured Knox SSO for Atlas as per the Hortonworks doc. On opening the Atlas UI, it is redirected to KnoxSSO for authentication, and after entering the admin credentials it does not redirect back to the Atlas UI.

The same configuration is working for Ranger with KnoxSSO.

Knox and Ranger are installed on the same host, i.e. vijayhdp-1.novalocal.

Atlas is installed on host vijayblue-1.novalocal.

The Knox gateway audit log shows the messages below.

18/02/13 12:12:26 ||b1f13de8-cc81-4603-b5d9-c0b09ecc6873|audit|10.20.6.215|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://10.20.14.122:21000/|unavailable|Request method: GET

18/02/13 12:12:26 ||b1f13de8-cc81-4603-b5d9-c0b09ecc6873|audit|10.20.6.215|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://10.20.14.122:21000/|success|Response status: 401

18/02/13 12:12:26 ||90debaef-174c-49be-bba9-1a53eb16969a|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://10.20.14.122:21000/|unavailable|Request method: GET

18/02/13 12:12:26 ||90debaef-174c-49be-bba9-1a53eb16969a|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://10.20.14.122:21000/|success|

18/02/13 12:12:26 ||90debaef-174c-49be-bba9-1a53eb16969a|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://10.20.14.122:21000/|success|Response status: 200

18/02/13 12:12:26 ||678336e9-b059-4dac-ab3f-439aaede2960|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|unavailable|Request method: GET

18/02/13 12:12:26 ||678336e9-b059-4dac-ab3f-439aaede2960|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|

18/02/13 12:12:26 ||ffbd7fc7-6ec5-415d-9edb-9f1da4fe4d8d|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|unavailable|Request method: GET

18/02/13 12:12:26 ||ffbd7fc7-6ec5-415d-9edb-9f1da4fe4d8d|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|

18/02/13 12:12:26 ||ffbd7fc7-6ec5-415d-9edb-9f1da4fe4d8d|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|Response status: 200

18/02/13 12:12:26 ||678336e9-b059-4dac-ab3f-439aaede2960|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|Response status: 200

18/02/13 12:12:31 ||6dab50ce-a19a-4a4d-bef2-4d9947a769d3|audit|10.20.6.215|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://10.20.14.122:21000/|unavailable|Request method: POST

The Knox Gateway log shows the messages below:

2018-02-13 12:12:31,522 INFO hadoop.gateway (KnoxLdapRealm.java:getUserDn(691)) - Computed userDn: uid=admin,ou=People,dc=novalocal using dnTemplate for principal: admin

2018-02-13 12:12:31,533 WARN service.knoxsso (WebSSOResource.java:init(102)) - The SSO cookie SecureOnly flag is set to FALSE and is therefore insecure.

2018-02-13 12:12:31,535 INFO service.knoxsso (WebSSOResource.java:getCookieValue(318)) - Unable to find cookie with name: original-url

2018-02-13 12:12:31,540 INFO service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(292)) - JWT cookie successfully added.

2018-02-13 12:12:31,540 INFO service.knoxsso (WebSSOResource.java:getAuthenticationToken(202)) - About to redirect to original URL: http://10.20.14.122:21000/

Kindly help me to fix the issue.

- Vijay Mishra

15 REPLIES

Expert Contributor

@Vijay Mishra

You are trying to access Atlas with an IP, i.e.

(WebSSOResource.java:getAuthenticationToken(202)) - About to redirect to original URL: http://10.20.14.122:21000/

Please use the FQDN URL: the cookie dropped by KnoxSSO has to be validated by the Atlas server, so the hadoop_JWT cookie needs to be in the same domain as Atlas. Also use the FQDN in the configuration wherever required.

Explorer

@Nixon Rodrigues,

The cluster does not resolve using DNS; it only resolves using the hosts file. I cannot open the Atlas UI through the FQDN.

Is there any way we can get this?

- Vijay Mishra

Expert Contributor

@Vijay Mishra

"it only resolves using hosts file":

Adding an entry mapping the IP to the FQDN in /etc/hosts is one way, so that the domain name can be resolved.

The other way is to ask your network administrator to add an entry in the DNS server.

Hope your problem is resolved; you can close the thread if it helped.

Explorer

@Nixon Rodrigues

I have updated the hosts file on my laptop, from where I was accessing the UIs of Atlas, and now the IP resolves with the hostname. But still, post authentication, it is not going to the Atlas UI. Below is the log from the Knox gateway audit.

18/02/20 12:54:14 ||2d4dad1e-3a13-4156-9349-4031a7e59f0c|audit|10.20.6.215|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: POST

18/02/20 12:54:14 ||2d4dad1e-3a13-4156-9349-4031a7e59f0c|audit|10.20.6.215|KNOXSSO|admin|||authentication|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|success|

18/02/20 12:54:14 ||2d4dad1e-3a13-4156-9349-4031a7e59f0c|audit|10.20.6.215|KNOXSSO|admin|||authentication|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|success|Groups: []

18/02/20 12:54:14 ||2d4dad1e-3a13-4156-9349-4031a7e59f0c|audit|10.20.6.215|KNOXSSO|admin|||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 303

18/02/20 12:54:14 ||c5531943-b3c2-4a5c-8fd7-4b6c7b4e9299|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: GET

18/02/20 12:54:14 ||c5531943-b3c2-4a5c-8fd7-4b6c7b4e9299|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=http://vijayblue-1.novalocal:21000/|success|

18/02/20 12:54:14 ||c5531943-b3c2-4a5c-8fd7-4b6c7b4e9299|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 200

18/02/20 12:54:14 ||00f7734e-8118-4bb7-b760-1846c0cc75ef|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|unavailable|Request method: GET

18/02/20 12:54:14 ||00f7734e-8118-4bb7-b760-1846c0cc75ef|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|

18/02/20 12:54:14 ||a180854c-c195-43bb-8842-286b58effd2d|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|unavailable|Request method: GET

18/02/20 12:54:14 ||a180854c-c195-43bb-8842-286b58effd2d|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|

18/02/20 12:54:14 ||a180854c-c195-43bb-8842-286b58effd2d|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|Response status: 200

18/02/20 12:54:14 ||00f7734e-8118-4bb7-b760-1846c0cc75ef|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|Response status: 200

18/02/20 12:54:14 ||9c0fe403-0195-4942-ad37-8527483b560c|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|unavailable|Request method: GET

18/02/20 12:54:14 ||9c0fe403-0195-4942-ad37-8527483b560c|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|

18/02/20 12:54:14 ||9c0fe403-0195-4942-ad37-8527483b560c|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|Response status: 200

18/02/20 12:54:14 ||e3f289dc-3296-4f97-8b33-a0e7037df41b|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: GET

18/02/20 12:54:14 ||e3f289dc-3296-4f97-8b33-a0e7037df41b|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=http://vijayblue-1.novalocal:21000/|success|

18/02/20 12:54:14 ||e3f289dc-3296-4f97-8b33-a0e7037df41b|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 200

18/02/20 12:54:14 ||18824e09-0940-4068-953f-be82fd01385b|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|unavailable|Request method: GET

18/02/20 12:54:14 ||18824e09-0940-4068-953f-be82fd01385b|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|

18/02/20 12:54:14 ||18824e09-0940-4068-953f-be82fd01385b|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|Response status: 200

18/02/20 12:54:14 ||0ed28473-80ec-4430-b0b2-2dadaf4b3000|audit|10.20.6.215|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: GET

18/02/20 12:54:14 ||0ed28473-80ec-4430-b0b2-2dadaf4b3000|audit|10.20.6.215|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 401

18/02/20 12:54:14 ||715f2cfe-bfad-4a89-9dc6-f82fa3928455|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: GET

18/02/20 12:54:14 ||715f2cfe-bfad-4a89-9dc6-f82fa3928455|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://vijayblue-1.novalocal:21000/|success|

18/02/20 12:54:14 ||715f2cfe-bfad-4a89-9dc6-f82fa3928455|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 200

18/02/20 12:54:14 ||d47ddca3-c780-48a1-a5c8-cd8bf06746e9|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|unavailable|Request method: GET

18/02/20 12:54:14 ||2f3236f6-b825-4272-97e9-033c3057e3ea|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|unavailable|Request method: GET

18/02/20 12:54:14 ||d47ddca3-c780-48a1-a5c8-cd8bf06746e9|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|

18/02/20 12:54:14 ||2f3236f6-b825-4272-97e9-033c3057e3ea|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|

18/02/20 12:54:14 ||d47ddca3-c780-48a1-a5c8-cd8bf06746e9|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|Response status: 200

18/02/20 12:54:14 ||2f3236f6-b825-4272-97e9-033c3057e3ea|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|Response status: 200

- Vijay Mishra

Expert Contributor

@Vijay Mishra

Can you share the atlas-application.properties file from the Atlas conf?

Explorer

@Nixon Rodrigues,

Kindly find attached file as asked.

- Vijay Mishra

Explorer

@Nixon Rodrigues,

Also attached the Knox SSO XML file.

- Vijay Mishra

knoxsso.txt

Expert Contributor

Thanks. Also provide the Atlas application.log file from logs when you try to log in.

Explorer

@Nixon Rodrigues,

I did the needful as you suggested in the hosts file of the cluster and the hosts file on the laptop. Below is a snapshot of the same.

IP vijayhdp-1.novalocal vijayhdp-1.novalocal.com vijayhdp-1

IP vijayhdp-2.novalocal vijayhdp-2.novalocal.com vijayhdp-2

IP vijayhdp-3.novalocal vijayhdp-3.novalocal.com vijayhdp-3

#Atlas

IP vijayblue-1.novalocal vijayblue-1.novalocal.com vijayblue-1

and updated the Atlas config as below:

atlas.sso.knox.providerurl=https://vijayhdp-1.novalocal.com:8443/gateway/knoxsso/api/v1/websso

Regarding changing atlas.rest.address to http://vijayblue-1.novalocal.com:21000, it is not taking it even when changed from Ambari.

Another problem I can see, since it is a Kerberos-enabled cluster: the SPNs for vijayhdp-1.novalocal.com and vijayblue-1.novalocal.com are not created by Ambari, which creates authorization issues in Ambari Infra.

Did all as per your suggestion, but it is still not going back to the original URL post authentication.

Below is the log from gateway-audit.log:

18/02/21 08:17:37 ||013a620b-1f64-419c-9b40-d4c00b15231b|audit|10.20.6.215|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: POST

18/02/21 08:17:37 ||013a620b-1f64-419c-9b40-d4c00b15231b|audit|10.20.6.215|KNOXSSO|admin|||authentication|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|success|

18/02/21 08:17:37 ||013a620b-1f64-419c-9b40-d4c00b15231b|audit|10.20.6.215|KNOXSSO|admin|||authentication|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|success|Groups: []

18/02/21 08:17:37 ||013a620b-1f64-419c-9b40-d4c00b15231b|audit|10.20.6.215|KNOXSSO|admin|||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 303

18/02/21 08:17:38 ||39a0d038-bcf7-4305-9104-e458347b7102|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: GET

18/02/21 08:17:38 ||39a0d038-bcf7-4305-9104-e458347b7102|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=http://vijayblue-1.novalocal:21000/|success|

18/02/21 08:17:38 ||39a0d038-bcf7-4305-9104-e458347b7102|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 200

18/02/21 08:17:38 ||a429b64f-7cb2-495b-a883-262badd295f3|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|unavailable|Request method: GET

18/02/21 08:17:38 ||a429b64f-7cb2-495b-a883-262badd295f3|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|

18/02/21 08:17:38 ||a429b64f-7cb2-495b-a883-262badd295f3|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|Response status: 200

18/02/21 08:17:38 ||fe8a0150-8104-431f-b7f0-6082dcba6033|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: GET

18/02/21 08:17:38 ||fe8a0150-8104-431f-b7f0-6082dcba6033|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=http://vijayblue-1.novalocal:21000/|success|

18/02/21 08:17:38 ||fe8a0150-8104-431f-b7f0-6082dcba6033|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 200

18/02/21 08:17:38 ||1419fbce-1ae7-490b-9384-3c64915ef3e4|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|unavailable|Request method: GET

18/02/21 08:17:38 ||1419fbce-1ae7-490b-9384-3c64915ef3e4|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|

18/02/21 08:17:38 ||1419fbce-1ae7-490b-9384-3c64915ef3e4|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|Response status: 200

18/02/21 08:17:38 ||c4579d3e-32cb-4669-919c-a11f5f320ff0|audit|10.20.6.215|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: GET

18/02/21 08:17:38 ||c4579d3e-32cb-4669-919c-a11f5f320ff0|audit|10.20.6.215|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 401

18/02/21 08:17:38 ||69161d4d-2705-41f9-8c50-ad1a7ae2a34a|audit|10.20.6.215|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://vijayblue-1.novalocal:21000/|unavailable|Request method: GET

18/02/21 08:17:38 ||69161d4d-2705-41f9-8c50-ad1a7ae2a34a|audit|10.20.6.215|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://vijayblue-1.novalocal:21000/|success|

18/02/21 08:17:38 ||69161d4d-2705-41f9-8c50-ad1a7ae2a34a|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 200

- Vijay Mishra

Expert Contributor

atlas.sso.knox.providerurl=https://vijayhdp-1.novalocal:8443/gateway/knoxsso/api/v1/websso
atlas.rest.address=http://vijayblue-1.novalocal:21000

The Atlas domain and the Knox domain are different, so can you add an alias in the /etc/hosts file on the Atlas and Knox instances?

IP1 vijayhdp-1.novalocal vijayhdp-1.novalocal.com vijayhdp-1

IP2 vijayhdp-2.novalocal vijayhdp-2.novalocal.com vijayhdp-2

atlas.sso.knox.providerurl=https://vijayhdp-1.novalocal.com:8443/gateway/knoxsso/api/v1/websso
atlas.rest.address=http://vijayblue-1.novalocal.com:21000

Explorer

@Nixon Rodrigues,

I will work on it as you suggested above.

Regarding the logs which you asked for, they are mentioned below.

1. Nothing gets updated in the Atlas application.log when I open the Atlas UI in the browser and enter the Knox credentials.

2. Kindly find the Knox gateway-audit.log below.

3. Also find the Knox gateway log below.

gateway.log

2018-02-20 14:43:36,541 INFO hadoop.gateway (KnoxLdapRealm.java:getUserDn(691)) - Computed userDn: uid=admin,ou=People,dc=novalocal using dnTemplate for principal: admin

2018-02-20 14:43:36,548 INFO service.knoxsso (WebSSOResource.java:getCookieValue(318)) - Unable to find cookie with name: original-url

2018-02-20 14:43:36,551 INFO service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(292)) - JWT cookie successfully added.

2018-02-20 14:43:36,551 INFO service.knoxsso (WebSSOResource.java:getAuthenticationToken(202)) - About to redirect to original URL: http://vijayblue-1.novalocal:21000/

gateway-audit.log - Attached

- Vijay Mishra

Expert Contributor

@Vijay Mishra

The authentication at the Knox gateway is going fine, but the originalUrl that is passed is wrong; it should contain the .com which you appended in /etc/hosts. Try accessing with the URL -> http://vijayblue-1.novalocal.com:21000

ad1a7ae2a34a|audit|10.20.6.215|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=http://vijayblue-1.novalocal:21000/|success|Response status: 200

You can revert the atlas.rest.address property, but don't access Atlas from the Ambari dashboard QuickLinks.

HTH
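
The loop visible in the audit logs in this thread (a 303 from websso after login, then a 401 on the same originalUrl a moment later) and the cookie-domain point made in the replies can both be checked mechanically. The following is an added example, not part of the thread and not Knox code; the function names are hypothetical, and the two-label minimum is a simplifying assumption standing in for the browser's public-suffix check.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

WEBSSO = "/gateway/knoxsso/api/v1/websso?originalUrl=http://vijayblue-1.novalocal:21000/"
# Constructed sample in the gateway-audit.log layout shown in the thread (request ids invented).
SAMPLE = "\n".join([
    f"18/02/20 12:54:14 ||req-1|audit|10.20.6.215|KNOXSSO|admin|||access|uri|{WEBSSO}|success|Response status: 303",
    f"18/02/20 12:54:14 ||req-2|audit|10.20.6.215|KNOXSSO||||access|uri|{WEBSSO}|success|Response status: 401",
])

def find_sso_loops(log_text, window=timedelta(seconds=10)):
    """Return (client_ip, originalUrl) pairs where KnoxSSO answered 303 after a
    login and the same client was back at websso with a 401 within `window`."""
    issued, loops = {}, []
    for line in log_text.splitlines():
        f = line.split("|")
        if len(f) < 14 or f[3] != "audit" or f[5] != "KNOXSSO" or f[9] != "access":
            continue
        if not f[13].startswith("Response status:"):
            continue
        ts = datetime.strptime(f[0].strip(), "%y/%m/%d %H:%M:%S")
        url = parse_qs(urlsplit(f[11]).query).get("originalUrl", [""])[0]
        status = int(f[13].split(":", 1)[1])
        key = (f[4], url)
        if status == 303:
            issued[key] = ts
        elif status == 401 and key in issued and ts - issued.pop(key) <= window:
            loops.append(key)
    return loops

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def shared_cookie_domain(sso_host, app_host):
    """Widest cookie Domain that both hosts domain-match (RFC 6265), else None."""
    sso_host, app_host = sso_host.lower(), app_host.lower()
    if sso_host == app_host:
        return sso_host                  # a host-only cookie is enough
    if is_ip(sso_host) or is_ip(app_host):
        return None                      # an IP literal only matches itself
    a, b, common = sso_host.split("."), app_host.split("."), []
    while a and b and a[-1] == b[-1]:
        common.insert(0, a.pop())
        b.pop()
    # Assumption: a one-label Domain (e.g. "novalocal") is refused by browsers,
    # which treat it like a public suffix; a real check would use the PSL.
    return ".".join(common) if len(common) >= 2 else None

def diagnose(log_text, sso_host):
    """For each detected loop, report the target URL and the usable cookie domain."""
    return [(url, shared_cookie_domain(sso_host, urlsplit(url).hostname or ""))
            for _client, url in find_sso_loops(log_text)]

if __name__ == "__main__":
    for url, domain in diagnose(SAMPLE, "vijayhdp-1.novalocal"):
        print(url, "->", domain or "no cookie domain shared with the KnoxSSO host")
```

A `None` in the second position means the browser has no cookie scope that covers both the KnoxSSO host and the host in originalUrl, which is the condition the replies address by moving both hosts under a common multi-label domain.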