You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Vipin Rathor (JIRA)" <ji...@apache.org> on 2016/12/19 20:33:58 UTC

[jira] [Created] (ZEPPELIN-1840) Fully qualified username can not be used for login when principalSuffix is defined

Vipin Rathor created ZEPPELIN-1840:
--------------------------------------

             Summary: Fully qualified username can not be used for login when principalSuffix is defined
                 Key: ZEPPELIN-1840
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-1840
             Project: Zeppelin
          Issue Type: Bug
          Components: security
    Affects Versions: 0.7.0
            Reporter: Vipin Rathor
            Priority: Minor


When Zeppelin is configured against Active Directory for user authentication, by default, fully qualified user names are allowed. E.g. user1@DOMAIN.COM

User can be spared from typing the long domain name each time by specifying "activeDirectoryGroupRealm.principalSuffix = @DOMAIN.COM" in shiro.ini. Now user can just specify short username i.e. "user1" during login.

Problem:
When principalSuffix is defined in shiro.ini, only the short username are allowed and any attempt with fully qualified user name will result in the login error.

Excepted Behavior:
Zeppelin UI should allow both username formats (short and fully qualified) when principalSuffix is defined



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)