Posted to dev@zeppelin.apache.org by khalidhuseynov <gi...@git.apache.org> on 2017/06/01 06:28:11 UTC
[GitHub] zeppelin issue #2373: [ZEPPELIN-2598] Securing Zeppelin with OpenID Connect
Github user khalidhuseynov commented on the issue:
https://github.com/apache/zeppelin/pull/2373
I've just tried to log in using the config info from the online demo for oidc-client at https://demo.c2id.com/oidc-client, using the modified config below:
```
oidcConfig = org.pac4j.oidc.config.OidcConfiguration
oidcConfig.discoveryURI = https://demo.c2id.com/oidc-client/cb
oidcConfig.clientId = 000123
oidcConfig.secret = 7wKJNYFaKKg4FxUdi8_R75GGYsiWezvAbcdN1uSumE4
oidcConfig.clientAuthenticationMethodAsString = client_secret_basic
oidcClient = org.pac4j.oidc.client.OidcClient
oidcClient.configuration = $oidcConfig
clients = org.pac4j.core.client.Clients
clients.callbackUrl = http://localhost:8080/api/callback
clients.clients = $oidcClient
requireRoleAdmin = org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer
#requireRoleAdmin.elements = <your role>
config = org.pac4j.core.config.Config
config.clients = $clients
#config.authorizers = admin:$requireRoleAdmin
pac4jRealm = io.buji.pac4j.realm.Pac4jRealm
pac4jSubjectFactory = io.buji.pac4j.subject.Pac4jSubjectFactory
securityManager.subjectFactory = $pac4jSubjectFactory
oidcSecurityFilter = io.buji.pac4j.filter.SecurityFilter
oidcSecurityFilter.config = $config
oidcSecurityFilter.clients = oidcClient
callbackFilter = io.buji.pac4j.filter.CallbackFilter
callbackFilter.defaultUrl = http://localhost:8080
callbackFilter.config = $config
securityManager.realms = $pac4jRealm
...
/api/callback = callbackFilter
#/** = anon
/** = authc
```
but I'm getting an exception:
```
ERROR [2017-06-01 14:49:39,711] ({qtp764577347-20} LoginRestApi.java[postLogin]:111) - Exception in login:
org.apache.shiro.authc.pam.UnsupportedTokenException: Realm [io.buji.pac4j.realm.Pac4jRealm@734cf9ff] does not support authentication token [org.apache.shiro.authc.UsernamePasswordToken - alice, rememberMe=false]. Please ensure that the appropriate Realm implementation is configured correctly or that the realm accepts AuthenticationTokens of this type.
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:178)
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
at org.apache.zeppelin.rest.LoginRestApi.postLogin(LoginRestApi.java:80)
```
Please let me know if you can see any apparent misconfiguration.