Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

schema registry ui not accesible

arunpoy
Guru

Created ‎10-04-2017 07:32 AM

I have co hosted both HDP and HDF using the same ambari. the cluster is kerberised too. After installing schema registry of HDF, i am not able to access the UI. I am prompted for a user name/password. I tried some kerberos principals and passwords, but none of them worked. i do see an error like this. IS there a way to avoid this or even skip kerberos for the registry UI.

Ambari used is 2.5.2

HDf - 3.0

HTTP ERROR 403

Problem accessing /. Reason:

    GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
1,991 Views
0 Kudos
3 REPLIES 3

jsensharma
Super Mentor

Created ‎10-04-2017 07:47 AM

@ARUN

After setting the Kerberos , Have you also enabled SPNEGO? If yes then please check if on your Browser (like FireFox) you have set the below properties as well?

network.negotiate-auth.trusted-uris
network.auth.use-sspi false 
network.negotiate-auth.delegation-uris

.

As mentioned in the following link: https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Ker...

1,520 Views
0 Kudos

arunpoy
Guru

Created ‎10-04-2017 07:55 AM

@Jay SenSharma, i didnt enable spnego for any of the services. other service ui's i am able to access without any issues. Is there a way to disable spnego for registry alone, i couldn't find that option in ambari

1,520 Views

lhoss_Ansiblize
Explorer

Created ‎02-26-2019 04:17 PM

Same question here!

On a kerberos enabled cluster, where we do not (yet) want to have (all) UIs properly (SPNEGO) kerberized, I did not find a (documented) way to get the Schema Registry working without authentication.

---

However i found a work around (hack), to use the registry w//out security, by adding a line 

security_enabled=False

directly in following file (version used in HDF-3.2.0), before Line 101: 

/var/lib/ambari-agent/cache/common-services/REGISTRY/0.3.0/package/scripts/params.py

Plz note: I'ld prefer to get rid of that hack

but I could not find any proper Doc in the HWX HDF Docs.

The most detailed Registry Doc I found (that does not directly relate to the respective Ambari registry configs): https://registry-project.readthedocs.io/en/latest/security.html#spnego

1,520 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
March 2023 Community Highlights
What's New @ Cloudera
Cloudera DataFlow Designer for self-service data flow development is now generally available to all CDP Public Cloud customers
What's New @ Cloudera
Cloudera Operational Database (COD) UI provides the JWT configuration details to connect to your HBase client
What's New @ Cloudera
Cloudera Operational Database (COD) UI allows storage type selection when creating an operational database
What's New @ Cloudera
Release of Cloudera Streaming Analytics (CSA) 1.9.0 for CDP 7.1.7 SP2 & CDP 7.1.8
View More Announcements