You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "rohannimmagadda (Jira)" <ji...@apache.org> on 2020/08/27 16:59:00 UTC
[jira] [Comment Edited] (KNOX-2400) Can't login with SSO+CAS
[ https://issues.apache.org/jira/browse/KNOX-2400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183421#comment-17183421 ]
rohannimmagadda edited comment on KNOX-2400 at 8/27/20, 4:58 PM:
-----------------------------------------------------------------
[~lmccay]
We faced similar issue with Knox 1.4 + JDK 1.8 while creating the file in HDFS with Knox+webHDFS curl , However here is the few steps we have taken to fix this issue
# Step1 : We've started the Knox Service alone with Open JDK 11 by exporting JAVA command in gateway.sh (ex: export JAVA=/usr/java/openjdk-11/bin/java)
# Step2: If you’r using http auth to non Kerberos which means (hadoop.http.authentication.type: simple, hadoop.http.authentication.simple.anonymous.allowed: true) the above export JAVA command would work
# Otherwise , If your are using OpenJDK 11 and have http authentication enabled to Kerberos, you may experience authentication errors (i.e HTTP ERROR 401 ** Authentication require like in YARN and WebHDFS gateway URLs *)* when running Knox Services . To work around this problem: We tried setting this sun.security.krb5.disableReferrals=true` value in java.security file but it didn’t worked out in our case
# Here is the fix : By removing `renew_lifetime` property from /etc/krb5.conf resolved our issue
# we can also run below command to keep renew_lifetime in krb5.conf
was (Author: rohannimmagadda):
[~lmccay]
We faced similar issue with Knox 1.4 + JDK 1.8 while creating the file in HDFS with Knox+webHDFS curl , However here is the few steps we have taken to fix this issue
# Step1 : We've started the Knox Service alone with Open JDK 11 by exporting JAVA command in gateway.sh (ex: export JAVA=/usr/java/openjdk-11/bin/java)
# Step2: If you’r using http auth to non Kerberos which means (hadoop.http.authentication.type: simple, hadoop.http.authentication.simple.anonymous.allowed: true) the above export JAVA command would work
# Otherwise , If your are using OpenJDK 11 and have http authentication enabled to Kerberos, you may experience authentication errors (i.e HTTP ERROR 401 ** Authentication require like in YARN and WebHDFS gateway URLs *)* when running Knox Services . To work around this problem: We tried setting this sun.security.krb5.disableReferrals=true` value in java.security file but it didn’t worked out in our case
# Here is the fix : By removing `renew_lifetime` property from /etc/krb5.conf resolved our issue
> Can't login with SSO+CAS
> ------------------------
>
> Key: KNOX-2400
> URL: https://issues.apache.org/jira/browse/KNOX-2400
> Project: Apache Knox
> Issue Type: Bug
> Components: KnoxSSO
> Affects Versions: 1.4.0
> Environment: java8
> Reporter: cdmikechen
> Priority: Major
>
> If we use CAS to login by KNOX-SSO, the request will fail with an error:
> {code}
> 2020-07-07 18:20:14,783 ERROR knox.gateway (AbstractGatewayFilter.java:doFilter(63)) - Failed to execute filter: java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer;
> java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer;
> at org.apache.knox.gateway.services.security.EncryptionResult.toByteAray(EncryptionResult.java:45)
> at org.apache.knox.gateway.pac4j.session.KnoxSessionStore.compressEncryptBase64(KnoxSessionStore.java:132)
> at org.apache.knox.gateway.pac4j.session.KnoxSessionStore.set(KnoxSessionStore.java:150)
> at org.pac4j.core.engine.DefaultSecurityLogic.saveRequestedUrl(DefaultSecurityLogic.java:204)
> at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:148)
> at org.pac4j.j2e.filter.SecurityFilter.internalFilter(SecurityFilter.java:92)
> at org.pac4j.j2e.filter.AbstractConfigFilter.doFilter(AbstractConfigFilter.java:84)
> at org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.doFilter(Pac4jDispatcherFilter.java:272)
> at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348)
> at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262)
> at org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:50)
> at org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:58)
> at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348)
> at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262)
> at org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:52)
> at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348)
> at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262)
> at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:166)
> at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:93)
> at org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:135)
> at org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1386)
> at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617)
> at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:226)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
> at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300)
> at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
> at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.apache.knox.gateway.trace.TraceHandler.handle(TraceHandler.java:51)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.apache.knox.gateway.filter.CorrelationHandler.handle(CorrelationHandler.java:41)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.apache.knox.gateway.filter.PortMappingHelperHandler.handle(PortMappingHelperHandler.java:106)
> at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.eclipse.jetty.server.Server.handle(Server.java:500)
> at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
> at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
> at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
> at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543)
> at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398)
> at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)
> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
> at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
> at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
> at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
> at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
> at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
> at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-07 18:20:14,784 ERROR knox.gateway (GatewayFilter.java:doFilter(168)) - Gateway processing failed: javax.servlet.ServletException: java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer;
> javax.servlet.ServletException: java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer;
> at org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:64)
> at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348)
> at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262)
> at org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:52)
> at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348)
> at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262)
> at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:166)
> at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:93)
> at org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:135)
> at org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1386)
> at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617)
> at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:226)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604)
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
> at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300)
> at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
> at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.apache.knox.gateway.trace.TraceHandler.handle(TraceHandler.java:51)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.apache.knox.gateway.filter.CorrelationHandler.handle(CorrelationHandler.java:41)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.apache.knox.gateway.filter.PortMappingHelperHandler.handle(PortMappingHelperHandler.java:106)
> at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> at org.eclipse.jetty.server.Server.handle(Server.java:500)
> at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
> at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
> at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
> at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543)
> at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398)
> at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)
> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
> at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
> at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
> at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
> at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
> at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
> at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer;
> at org.apache.knox.gateway.services.security.EncryptionResult.toByteAray(EncryptionResult.java:45)
> at org.apache.knox.gateway.pac4j.session.KnoxSessionStore.compressEncryptBase64(KnoxSessionStore.java:132)
> at org.apache.knox.gateway.pac4j.session.KnoxSessionStore.set(KnoxSessionStore.java:150)
> at org.pac4j.core.engine.DefaultSecurityLogic.saveRequestedUrl(DefaultSecurityLogic.java:204)
> at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:148)
> at org.pac4j.j2e.filter.SecurityFilter.internalFilter(SecurityFilter.java:92)
> at org.pac4j.j2e.filter.AbstractConfigFilter.doFilter(AbstractConfigFilter.java:84)
> at org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.doFilter(Pac4jDispatcherFilter.java:272)
> at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348)
> at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262)
> at org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:50)
> at org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:58)
> ... 55 more
> {code}
> I use java8 to start KNOX. If I use java9, this error would not have happened
--
This message was sent by Atlassian Jira
(v8.3.4#803005)