You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@knox.apache.org by "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com> on 2018/08/16 22:55:04 UTC

Knox SSO - throwing null pointer exception on first time login

Greetings,

I’m facing a weird issue on enabling knox-sso functionality for exposing UI’s running in AWS EMR. On enabling knox-sso, I tried to access the YARNUI site – after authentication its throwing java.lang.null.pointer exception but on submitting the url again (without clearing the cookies), the application is getting landed to the proper page.

When I clear the cookies and access the URL again, Its throwing null pointer exception. We are unable to figure whether it is an issue on the Identity provider site or in the knox as Im not seeing any error log messages in both the ends.

I have attached the log messages. Could any please help me in fixing this?


Gatway.log -> After the first time login


2018-08-16 22:30:14,369 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:30:14,370 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:30:14,493 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso
















[cid:image001.png@01D43592.A1449230]

Gateway.log -> Log in second time without clearing browser cookies

Second time:


2018-08-16 22:34:15,242 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:15,242 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:15,362 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,055 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: POST /api/v1/websso

2018-08-16 22:34:17,279 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,279 DEBUG filter.Pac4jIdentityAdapter (Pac4jIdentityAdapter.java:doFilter(85)) - User authenticated as: #SAML2Profile# | id: Praveen_Ravikumar@xxxx.com<ma...@xxxx.com> | attributes: {Mail=[Praveen_Ravikumar@xxxx.com<ma...@xxxx.com>], UserID=[pravikumar], notOnOrAfter=2018-08-16T22:39:16.775Z, sessionindex=MdgrQer1EH_J2n1l.OX54WupIWl, notBefore=2018-08-16T22:29:16.775Z} | roles: [] | permissions: [] | isRemembered: false | clientName: SAML2Client | linkedId: null |

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:init(113)) - The cookie max age is being set to: session.

2018-08-16 22:34:17,282 WARN  service.knoxsso (WebSSOResource.java:init(117)) - The SSO cookie max age configuration is invalid: session - using default.

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:getCookieValue(330)) - Unable to find cookie with name: original-url

2018-08-16 22:34:17,284 DEBUG service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(288)) - Adding the following JWT token as a cookie: eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJQcmF2ZWVuX1JhdmlrdW1hckBpbnR1aXQuY29tIiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTUzNDQ1ODk1N30.CKWaSVrxyW18O-SJ7mc8ZieehS8izd90bAdQmTd38y-FkuTXhTMSTDy2_RqERLklgeiPGsE1zQ7TdxRA9wgQ3NBYIaiAfBKE1epbmgFZ_MyAlmHvaSafXKF4LI49HNHJoUE1m2r4wRXsS1uysAwSMJ2r_TGs9obB4z6uYRC09YU

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(304)) - JWT cookie successfully added.

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:getAuthenticationToken(214)) - About to redirect to original URL: https://knox.idf-emr-prd.a.intuit.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:17,399 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:17,399 DEBUG federation.jwt (SSOCookieFederationFilter.java:getJWTFromCookie(161)) - hadoop-jwt Cookie has been found and is being processed.

2018-08-16 22:34:17,400 DEBUG knox.gateway (UrlRewriteProcessor.java:rewrite(161)) - Rewrote URL: https://knox.idf-emr-prd.a.xxxxxx.com:8446/gateway/gate1/yarn/, direction: IN via implicit rule: YARNUI/yarn/inbound/root to URL: http://ip-10-87-66-201.vpc.internal:8088/cluster

2018-08-16 22:34:17,401 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(121)) - Dispatch request: GET http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%xxxxxxx.com<http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%25xxxxxxx.com>

2018-08-16 22:34:17,405 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(134)) - Dispatch response status: 200


Thanks,
Praveen.

Re: Knox SSO - throwing null pointer exception on first time login

Posted by "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>.

Hi,

Just a quick update, for KNOX SSO – we are trying to register the SP entity ID to LDAP system. We are trying import SP ID in the below format,
https://<dns-domain> :8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&amp ; client_name=SAML2Client .

we are getting the below exception on importing the SP ID.

Error while importing LDIF
- Record is invalid: Invalid Dn
javax.naming.NamingException: Record is invalid: Invalid Dn
    at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdifRecord(ImportLdifRunnable.java:409)
    at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.importLdif(ImportLdifRunnable.java:272)
    at org.apache.directory.studio.ldapbrowser.core.jobs.ImportLdifRunnable.run(ImportLdifRunnable.java:218)
    at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)

Record is invalid: Invalid Dn

I figured out that Semicolon character in the SP ID is causing the issue. Could anyone help me how to import the above SP-ID format to LDAP.

Thanks,
Praveen.


From: "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>
Date: Friday, August 17, 2018 at 8:56 AM
To: "user@knox.apache.org" <us...@knox.apache.org>
Subject: Re: Knox SSO - throwing null pointer exception on first time login

In the idp end they use oracle ldap system to register the entity I’d. System is not letting &amp; sequence entity ID in their LDAP oracle table. So they are registering as & only instead of &amp; . We suspect that might be a reason for a issue.

Is it possible to use some other sequence instead of &amp; ?
Also We are seeing why the oracle ldap system is not letting &amp; sequence to be registered or do we want to use any escape sequences to insert the &amp; in the table.

Please provide your thoughts.


Thanks,
Praveen

Sent from my iPhone

On Aug 17, 2018, at 8:27 AM, larry mccay <la...@gmail.com>> wrote:
Hi Praveen -

Is there no stacktrace anywhere?
You are only getting the NPE line in the browser?

thanks,

--larry

On Thu, Aug 16, 2018 at 11:52 PM, Ravikumar, Praveen Krishnamoorthy <rp...@amazon.com>> wrote:
Attached the SAML Tracer logs for reference. Could anyone please help me in this?

Thanks,
Praveen.

From: "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>>
Date: Thursday, August 16, 2018 at 6:54 PM
To: "user@knox.apache.org<ma...@knox.apache.org>" <us...@knox.apache.org>>
Cc: "Mohanan, Mahesh" <Ma...@intuit.com>>
Subject: Knox SSO - throwing null pointer exception on first time login

Greetings,

I’m facing a weird issue on enabling knox-sso functionality for exposing UI’s running in AWS EMR. On enabling knox-sso, I tried to access the YARNUI site – after authentication its throwing java.lang.null.pointer exception but on submitting the url again (without clearing the cookies), the application is getting landed to the proper page.

When I clear the cookies and access the URL again, Its throwing null pointer exception. We are unable to figure whether it is an issue on the Identity provider site or in the knox as Im not seeing any error log messages in both the ends.

I have attached the log messages. Could any please help me in fixing this?


Gatway.log -> After the first time login


2018-08-16 22:30:14,369 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:30:14,370 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:30:14,493 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso
















[cid:image001.png@01D43592.A1449230]

Gateway.log -> Log in second time without clearing browser cookies

Second time:


2018-08-16 22:34:15,242 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:15,242 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:15,362 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,055 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: POST /api/v1/websso

2018-08-16 22:34:17,279 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,279 DEBUG filter.Pac4jIdentityAdapter (Pac4jIdentityAdapter.java:doFilter(85)) - User authenticated as: #SAML2Profile# | id: Praveen_Ravikumar@xxxx.com<ma...@xxxx.com> | attributes: {Mail=[Praveen_Ravikumar@xxxx.com<ma...@xxxx.com>], UserID=[pravikumar], notOnOrAfter=2018-08-16T22:39:16.775Z, sessionindex=MdgrQer1EH_J2n1l.OX54WupIWl, notBefore=2018-08-16T22:29:16.775Z} | roles: [] | permissions: [] | isRemembered: false | clientName: SAML2Client | linkedId: null |

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:init(113)) - The cookie max age is being set to: session.

2018-08-16 22:34:17,282 WARN  service.knoxsso (WebSSOResource.java:init(117)) - The SSO cookie max age configuration is invalid: session - using default.

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:getCookieValue(330)) - Unable to find cookie with name: original-url

2018-08-16 22:34:17,284 DEBUG service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(288)) - Adding the following JWT token as a cookie: eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJQcmF2ZWVuX1JhdmlrdW1hckBpbnR1aXQuY29tIiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTUzNDQ1ODk1N30.CKWaSVrxyW18O-SJ7mc8ZieehS8izd90bAdQmTd38y-FkuTXhTMSTDy2_RqERLklgeiPGsE1zQ7TdxRA9wgQ3NBYIaiAfBKE1epbmgFZ_MyAlmHvaSafXKF4LI49HNHJoUE1m2r4wRXsS1uysAwSMJ2r_TGs9obB4z6uYRC09YU

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(304)) - JWT cookie successfully added.

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:getAuthenticationToken(214)) - About to redirect to original URL: https://knox.idf-emr-prd.a.intuit.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:17,399 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:17,399 DEBUG federation.jwt (SSOCookieFederationFilter.java:getJWTFromCookie(161)) - hadoop-jwt Cookie has been found and is being processed.

2018-08-16 22:34:17,400 DEBUG knox.gateway (UrlRewriteProcessor.java:rewrite(161)) - Rewrote URL: https://knox.idf-emr-prd.a.xxxxxx.com:8446/gateway/gate1/yarn/, direction: IN via implicit rule: YARNUI/yarn/inbound/root to URL: http://ip-10-87-66-201.vpc.internal:8088/cluster

2018-08-16 22:34:17,401 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(121)) - Dispatch request: GET http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%xxxxxxx.com<http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%25xxxxxxx.com>

2018-08-16 22:34:17,405 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(134)) - Dispatch response status: 200


Thanks,
Praveen.

Re: Knox SSO - throwing null pointer exception on first time login

Posted by "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>.

In the idp end they use oracle ldap system to register the entity I’d. System is not letting &amp; sequence entity ID in their LDAP oracle table. So they are registering as & only instead of &amp; . We suspect that might be a reason for a issue.

Is it possible to use some other sequence instead of &amp; ?
Also We are seeing why the oracle ldap system is not letting &amp; sequence to be registered or do we want to use any escape sequences to insert the &amp; in the table.

Please provide your thoughts.


Thanks,
Praveen

Sent from my iPhone

On Aug 17, 2018, at 8:27 AM, larry mccay <la...@gmail.com>> wrote:

Hi Praveen -

Is there no stacktrace anywhere?
You are only getting the NPE line in the browser?

thanks,

--larry

On Thu, Aug 16, 2018 at 11:52 PM, Ravikumar, Praveen Krishnamoorthy <rp...@amazon.com>> wrote:
Attached the SAML Tracer logs for reference. Could anyone please help me in this?

Thanks,
Praveen.

From: "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>>
Date: Thursday, August 16, 2018 at 6:54 PM
To: "user@knox.apache.org<ma...@knox.apache.org>" <us...@knox.apache.org>>
Cc: "Mohanan, Mahesh" <Ma...@intuit.com>>
Subject: Knox SSO - throwing null pointer exception on first time login

Greetings,

I’m facing a weird issue on enabling knox-sso functionality for exposing UI’s running in AWS EMR. On enabling knox-sso, I tried to access the YARNUI site – after authentication its throwing java.lang.null.pointer exception but on submitting the url again (without clearing the cookies), the application is getting landed to the proper page.

When I clear the cookies and access the URL again, Its throwing null pointer exception. We are unable to figure whether it is an issue on the Identity provider site or in the knox as Im not seeing any error log messages in both the ends.

I have attached the log messages. Could any please help me in fixing this?


Gatway.log -> After the first time login


2018-08-16 22:30:14,369 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:30:14,370 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:30:14,493 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso
















[cid:image001.png@01D43592.A1449230]

Gateway.log -> Log in second time without clearing browser cookies

Second time:


2018-08-16 22:34:15,242 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:15,242 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:15,362 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,055 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: POST /api/v1/websso

2018-08-16 22:34:17,279 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,279 DEBUG filter.Pac4jIdentityAdapter (Pac4jIdentityAdapter.java:doFilter(85)) - User authenticated as: #SAML2Profile# | id: Praveen_Ravikumar@xxxx.com<ma...@xxxx.com> | attributes: {Mail=[Praveen_Ravikumar@xxxx.com<ma...@xxxx.com>], UserID=[pravikumar], notOnOrAfter=2018-08-16T22:39:16.775Z, sessionindex=MdgrQer1EH_J2n1l.OX54WupIWl, notBefore=2018-08-16T22:29:16.775Z} | roles: [] | permissions: [] | isRemembered: false | clientName: SAML2Client | linkedId: null |

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:init(113)) - The cookie max age is being set to: session.

2018-08-16 22:34:17,282 WARN  service.knoxsso (WebSSOResource.java:init(117)) - The SSO cookie max age configuration is invalid: session - using default.

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:getCookieValue(330)) - Unable to find cookie with name: original-url

2018-08-16 22:34:17,284 DEBUG service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(288)) - Adding the following JWT token as a cookie: eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJQcmF2ZWVuX1JhdmlrdW1hckBpbnR1aXQuY29tIiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTUzNDQ1ODk1N30.CKWaSVrxyW18O-SJ7mc8ZieehS8izd90bAdQmTd38y-FkuTXhTMSTDy2_RqERLklgeiPGsE1zQ7TdxRA9wgQ3NBYIaiAfBKE1epbmgFZ_MyAlmHvaSafXKF4LI49HNHJoUE1m2r4wRXsS1uysAwSMJ2r_TGs9obB4z6uYRC09YU

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(304)) - JWT cookie successfully added.

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:getAuthenticationToken(214)) - About to redirect to original URL: https://knox.idf-emr-prd.a.intuit.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:17,399 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:17,399 DEBUG federation.jwt (SSOCookieFederationFilter.java:getJWTFromCookie(161)) - hadoop-jwt Cookie has been found and is being processed.

2018-08-16 22:34:17,400 DEBUG knox.gateway (UrlRewriteProcessor.java:rewrite(161)) - Rewrote URL: https://knox.idf-emr-prd.a.xxxxxx.com:8446/gateway/gate1/yarn/, direction: IN via implicit rule: YARNUI/yarn/inbound/root to URL: http://ip-10-87-66-201.vpc.internal:8088/cluster

2018-08-16 22:34:17,401 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(121)) - Dispatch request: GET http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%xxxxxxx.com<http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%25xxxxxxx.com>

2018-08-16 22:34:17,405 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(134)) - Dispatch response status: 200


Thanks,
Praveen.

Re: Knox SSO - throwing null pointer exception on first time login

Posted by "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>.

No Stack trace Larry.

I’m getting this in the browser.

Thanks,
Praveen

Sent from my iPhone

On Aug 17, 2018, at 8:27 AM, larry mccay <la...@gmail.com>> wrote:

Hi Praveen -

Is there no stacktrace anywhere?
You are only getting the NPE line in the browser?

thanks,

--larry

On Thu, Aug 16, 2018 at 11:52 PM, Ravikumar, Praveen Krishnamoorthy <rp...@amazon.com>> wrote:
Attached the SAML Tracer logs for reference. Could anyone please help me in this?

Thanks,
Praveen.

From: "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>>
Date: Thursday, August 16, 2018 at 6:54 PM
To: "user@knox.apache.org<ma...@knox.apache.org>" <us...@knox.apache.org>>
Cc: "Mohanan, Mahesh" <Ma...@intuit.com>>
Subject: Knox SSO - throwing null pointer exception on first time login

Greetings,

I’m facing a weird issue on enabling knox-sso functionality for exposing UI’s running in AWS EMR. On enabling knox-sso, I tried to access the YARNUI site – after authentication its throwing java.lang.null.pointer exception but on submitting the url again (without clearing the cookies), the application is getting landed to the proper page.

When I clear the cookies and access the URL again, Its throwing null pointer exception. We are unable to figure whether it is an issue on the Identity provider site or in the knox as Im not seeing any error log messages in both the ends.

I have attached the log messages. Could any please help me in fixing this?


Gatway.log -> After the first time login


2018-08-16 22:30:14,369 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:30:14,370 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:30:14,493 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso
















[cid:image001.png@01D43592.A1449230]

Gateway.log -> Log in second time without clearing browser cookies

Second time:


2018-08-16 22:34:15,242 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:15,242 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:15,362 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,055 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: POST /api/v1/websso

2018-08-16 22:34:17,279 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,279 DEBUG filter.Pac4jIdentityAdapter (Pac4jIdentityAdapter.java:doFilter(85)) - User authenticated as: #SAML2Profile# | id: Praveen_Ravikumar@xxxx.com<ma...@xxxx.com> | attributes: {Mail=[Praveen_Ravikumar@xxxx.com<ma...@xxxx.com>], UserID=[pravikumar], notOnOrAfter=2018-08-16T22:39:16.775Z, sessionindex=MdgrQer1EH_J2n1l.OX54WupIWl, notBefore=2018-08-16T22:29:16.775Z} | roles: [] | permissions: [] | isRemembered: false | clientName: SAML2Client | linkedId: null |

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:init(113)) - The cookie max age is being set to: session.

2018-08-16 22:34:17,282 WARN  service.knoxsso (WebSSOResource.java:init(117)) - The SSO cookie max age configuration is invalid: session - using default.

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:getCookieValue(330)) - Unable to find cookie with name: original-url

2018-08-16 22:34:17,284 DEBUG service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(288)) - Adding the following JWT token as a cookie: eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJQcmF2ZWVuX1JhdmlrdW1hckBpbnR1aXQuY29tIiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTUzNDQ1ODk1N30.CKWaSVrxyW18O-SJ7mc8ZieehS8izd90bAdQmTd38y-FkuTXhTMSTDy2_RqERLklgeiPGsE1zQ7TdxRA9wgQ3NBYIaiAfBKE1epbmgFZ_MyAlmHvaSafXKF4LI49HNHJoUE1m2r4wRXsS1uysAwSMJ2r_TGs9obB4z6uYRC09YU

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(304)) - JWT cookie successfully added.

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:getAuthenticationToken(214)) - About to redirect to original URL: https://knox.idf-emr-prd.a.intuit.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:17,399 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:17,399 DEBUG federation.jwt (SSOCookieFederationFilter.java:getJWTFromCookie(161)) - hadoop-jwt Cookie has been found and is being processed.

2018-08-16 22:34:17,400 DEBUG knox.gateway (UrlRewriteProcessor.java:rewrite(161)) - Rewrote URL: https://knox.idf-emr-prd.a.xxxxxx.com:8446/gateway/gate1/yarn/, direction: IN via implicit rule: YARNUI/yarn/inbound/root to URL: http://ip-10-87-66-201.vpc.internal:8088/cluster

2018-08-16 22:34:17,401 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(121)) - Dispatch request: GET http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%xxxxxxx.com<http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%25xxxxxxx.com>

2018-08-16 22:34:17,405 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(134)) - Dispatch response status: 200


Thanks,
Praveen.

Re: Knox SSO - throwing null pointer exception on first time login

Posted by larry mccay <la...@gmail.com>.

Hi Praveen -

Is there no stacktrace anywhere?
You are only getting the NPE line in the browser?

thanks,

--larry

On Thu, Aug 16, 2018 at 11:52 PM, Ravikumar, Praveen Krishnamoorthy <
rpkrish@amazon.com> wrote:

> Attached the SAML Tracer logs for reference. Could anyone please help me
> in this?
>
>
>
> Thanks,
>
> Praveen.
>
>
>
> *From: *"Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>
> *Date: *Thursday, August 16, 2018 at 6:54 PM
> *To: *"user@knox.apache.org" <us...@knox.apache.org>
> *Cc: *"Mohanan, Mahesh" <Ma...@intuit.com>
> *Subject: *Knox SSO - throwing null pointer exception on first time login
>
>
>
> Greetings,
>
>
>
> I’m facing a weird issue on enabling knox-sso functionality for exposing
> UI’s running in AWS EMR. On enabling knox-sso, I tried to access the YARNUI
> site – after authentication its throwing *java.lang.null.pointer*
> exception but on submitting the url again (without clearing the cookies),
> the application is getting landed to the proper page.
>
>
>
> When I clear the cookies and access the URL again, Its throwing null
> pointer exception. We are unable to figure whether it is an issue on the
> Identity provider site or in the knox as Im not seeing any error log
> messages in both the ends.
>
>
>
> I have attached the log messages. Could any please help me in fixing this?
>
>
>
>
>
> Gatway.log -> After the first time login
>
>
>
> 2018-08-16 22:30:14,369 DEBUG knox.gateway (GatewayFilter.java:doFilter(119))
> - Received request: GET /yarn/
>
> 2018-08-16 22:30:14,370 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114))
> - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/
> knoxsso/api/v1/websso?originalUrl=https://knox.idf-
> emr-prd.a.xxxxx.com:8446/gateway/gate1/yarn/
>
> 2018-08-16 22:30:14,493 DEBUG knox.gateway (GatewayFilter.java:doFilter(119))
> - Received request: GET /api/v1/websso
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> [image: cid:image001.png@01D43592.A1449230]
>
>
>
> Gateway.log -> Log in second time without clearing browser cookies
>
>
>
> Second time:
>
>
>
> 2018-08-16 22:34:15,242 DEBUG knox.gateway (GatewayFilter.java:doFilter(119))
> - Received request: GET /yarn/
>
> 2018-08-16 22:34:15,242 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114))
> - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/
> knoxsso/api/v1/websso?originalUrl=https://knox.idf-
> emr-prd.a.xxxx.com:8446/gateway/gate1/yarn/
>
> 2018-08-16 22:34:15,362 DEBUG knox.gateway (GatewayFilter.java:doFilter(119))
> - Received request: GET /api/v1/websso
>
> 2018-08-16 22:34:17,055 DEBUG knox.gateway (GatewayFilter.java:doFilter(119))
> - Received request: POST /api/v1/websso
>
> 2018-08-16 22:34:17,279 DEBUG knox.gateway (GatewayFilter.java:doFilter(119))
> - Received request: GET /api/v1/websso
>
> 2018-08-16 22:34:17,279 DEBUG filter.Pac4jIdentityAdapter
> (Pac4jIdentityAdapter.java:doFilter(85)) - User authenticated as:
> #SAML2Profile# | id: Praveen_Ravikumar@xxxx.com | attributes: {Mail=[
> Praveen_Ravikumar@xxxx.com], UserID=[pravikumar],
> notOnOrAfter=2018-08-16T22:39:16.775Z, sessionindex=MdgrQer1EH_J2n1l.OX54WupIWl,
> notBefore=2018-08-16T22:29:16.775Z} | roles: [] | permissions: [] |
> isRemembered: false | clientName: SAML2Client | linkedId: null |
>
> 2018-08-16 22:34:17,282 INFO  service.knoxsso
> (WebSSOResource.java:init(113)) - The cookie max age is being set to:
> session.
>
> 2018-08-16 22:34:17,282 WARN  service.knoxsso
> (WebSSOResource.java:init(117)) - The SSO cookie max age configuration is
> invalid: session - using default.
>
> 2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:getCookieValue(330))
> - Unable to find cookie with name: original-url
>
> 2018-08-16 22:34:17,284 DEBUG service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(288))
> - Adding the following JWT token as a cookie: eyJhbGciOiJSUzI1NiJ9.
> eyJzdWIiOiJQcmF2ZWVuX1JhdmlrdW1hckBpbnR1aXQuY29tIiwiaXNzIjoi
> S05PWFNTTyIsImV4cCI6MTUzNDQ1ODk1N30.CKWaSVrxyW18O-
> SJ7mc8ZieehS8izd90bAdQmTd38y-FkuTXhTMSTDy2_RqERLklgeiPGsE1zQ7TdxRA9wgQ3NB
> YIaiAfBKE1epbmgFZ_MyAlmHvaSafXKF4LI49HNHJoUE1m2r4wRXsS1uysAwSMJ2r_
> TGs9obB4z6uYRC09YU
>
> 2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(304))
> - JWT cookie successfully added.
>
> 2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:getAuthenticationToken(214))
> - About to redirect to original URL: https://knox.idf-emr-prd.
> a.intuit.com:8446/gateway/gate1/yarn/
>
> 2018-08-16 22:34:17,399 DEBUG knox.gateway (GatewayFilter.java:doFilter(119))
> - Received request: GET /yarn/
>
> 2018-08-16 22:34:17,399 DEBUG federation.jwt (SSOCookieFederationFilter.java:getJWTFromCookie(161))
> - hadoop-jwt Cookie has been found and is being processed.
>
> 2018-08-16 22:34:17,400 DEBUG knox.gateway (UrlRewriteProcessor.java:rewrite(161))
> - Rewrote URL: https://knox.idf-emr-prd.a.xxxxxx.com:8446/gateway/
> gate1/yarn/, direction: IN via implicit rule: YARNUI/yarn/inbound/root to
> URL: http://ip-10-87-66-201.vpc.internal:8088/cluster
>
> 2018-08-16 22:34:17,401 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(121))
> - Dispatch request: GET http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?
> user.name=Praveen_Ravikumar%xxxxxxx.com
>
> 2018-08-16 22:34:17,405 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(134))
> - Dispatch response status: 200
>
>
>
>
>
> Thanks,
>
> Praveen.
>
>
>

Re: Knox SSO - throwing null pointer exception on first time login

Posted by "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>.

Attached the SAML Tracer logs for reference. Could anyone please help me in this?

Thanks,
Praveen.

From: "Ravikumar, Praveen Krishnamoorthy" <rp...@amazon.com>
Date: Thursday, August 16, 2018 at 6:54 PM
To: "user@knox.apache.org" <us...@knox.apache.org>
Cc: "Mohanan, Mahesh" <Ma...@intuit.com>
Subject: Knox SSO - throwing null pointer exception on first time login

Greetings,

I’m facing a weird issue on enabling knox-sso functionality for exposing UI’s running in AWS EMR. On enabling knox-sso, I tried to access the YARNUI site – after authentication its throwing java.lang.null.pointer exception but on submitting the url again (without clearing the cookies), the application is getting landed to the proper page.

When I clear the cookies and access the URL again, Its throwing null pointer exception. We are unable to figure whether it is an issue on the Identity provider site or in the knox as Im not seeing any error log messages in both the ends.

I have attached the log messages. Could any please help me in fixing this?


Gatway.log -> After the first time login


2018-08-16 22:30:14,369 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:30:14,370 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:30:14,493 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso
















[cid:image001.png@01D43592.A1449230]

Gateway.log -> Log in second time without clearing browser cookies

Second time:


2018-08-16 22:34:15,242 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:15,242 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(114)) - Sending redirect to: https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/knoxsso/api/v1/websso?originalUrl=https://knox.idf-emr-prd.a.xxxx.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:15,362 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,055 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: POST /api/v1/websso

2018-08-16 22:34:17,279 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /api/v1/websso

2018-08-16 22:34:17,279 DEBUG filter.Pac4jIdentityAdapter (Pac4jIdentityAdapter.java:doFilter(85)) - User authenticated as: #SAML2Profile# | id: Praveen_Ravikumar@xxxx.com<ma...@xxxx.com> | attributes: {Mail=[Praveen_Ravikumar@xxxx.com<ma...@xxxx.com>], UserID=[pravikumar], notOnOrAfter=2018-08-16T22:39:16.775Z, sessionindex=MdgrQer1EH_J2n1l.OX54WupIWl, notBefore=2018-08-16T22:29:16.775Z} | roles: [] | permissions: [] | isRemembered: false | clientName: SAML2Client | linkedId: null |

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:init(113)) - The cookie max age is being set to: session.

2018-08-16 22:34:17,282 WARN  service.knoxsso (WebSSOResource.java:init(117)) - The SSO cookie max age configuration is invalid: session - using default.

2018-08-16 22:34:17,282 INFO  service.knoxsso (WebSSOResource.java:getCookieValue(330)) - Unable to find cookie with name: original-url

2018-08-16 22:34:17,284 DEBUG service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(288)) - Adding the following JWT token as a cookie: eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJQcmF2ZWVuX1JhdmlrdW1hckBpbnR1aXQuY29tIiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTUzNDQ1ODk1N30.CKWaSVrxyW18O-SJ7mc8ZieehS8izd90bAdQmTd38y-FkuTXhTMSTDy2_RqERLklgeiPGsE1zQ7TdxRA9wgQ3NBYIaiAfBKE1epbmgFZ_MyAlmHvaSafXKF4LI49HNHJoUE1m2r4wRXsS1uysAwSMJ2r_TGs9obB4z6uYRC09YU

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(304)) - JWT cookie successfully added.

2018-08-16 22:34:17,284 INFO  service.knoxsso (WebSSOResource.java:getAuthenticationToken(214)) - About to redirect to original URL: https://knox.idf-emr-prd.a.intuit.com:8446/gateway/gate1/yarn/

2018-08-16 22:34:17,399 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /yarn/

2018-08-16 22:34:17,399 DEBUG federation.jwt (SSOCookieFederationFilter.java:getJWTFromCookie(161)) - hadoop-jwt Cookie has been found and is being processed.

2018-08-16 22:34:17,400 DEBUG knox.gateway (UrlRewriteProcessor.java:rewrite(161)) - Rewrote URL: https://knox.idf-emr-prd.a.xxxxxx.com:8446/gateway/gate1/yarn/, direction: IN via implicit rule: YARNUI/yarn/inbound/root to URL: http://ip-10-87-66-201.vpc.internal:8088/cluster

2018-08-16 22:34:17,401 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(121)) - Dispatch request: GET http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%xxxxxxx.com<http://ip-xx-xx-xx-xxx.vpc.internal:8088/cluster?user.name=Praveen_Ravikumar%25xxxxxxx.com>

2018-08-16 22:34:17,405 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(134)) - Dispatch response status: 200


Thanks,
Praveen.