Posted to dev@zeppelin.apache.org by "Tien Dat (Jira)" <ji...@apache.org> on 2022/01/28 17:54:00 UTC

[jira] [Created] (ZEPPELIN-5646) Query to REST API of Zeppelin secured with KNOXSSO will get empty redirection

Tien Dat created ZEPPELIN-5646:
----------------------------------

             Summary: Query to REST API of Zeppelin secured with KNOXSSO will get empty redirection
                 Key: ZEPPELIN-5646
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5646
             Project: Zeppelin
          Issue Type: Bug
          Components: Core
    Affects Versions: 0.8.2
            Reporter: Tien Dat


Dear

We are using Apache Knox 1.5.0 to secure the Zeppelin web UI. For web UI access, all requests get redirected CORRECTLY to the KNOXSSO page. Once the login finishes successfully, the user gets redirected to the main page.

However, when querying a REST API path, for example just to get the note status, the redirection failed. Here is an example response:

{"status":"OK","message":"","body":{"redirectURL":"https://knoxhost.example.com:8443/gateway/knoxsso/api/v1/websso?originalUrl="}}

Please check the shiro.ini that we use:
[main]
### A sample for configuring Knox JWT Realm
knoxJwtRealm = org.apache.zeppelin.realm.jwt.KnoxJwtRealm
## Domain of Knox SSO
knoxJwtRealm.providerUrl = https://knoxhost.example.com:8443/
## Url for login
knoxJwtRealm.login = gateway/knoxsso/api/v1/websso
## Url for logout
knoxJwtRealm.logout = gateway/knoxssout/api/v1/webssout
knoxJwtRealm.logoutAPI = false
knoxJwtRealm.redirectParam = originalUrl
knoxJwtRealm.cookieName = hadoop-jwt
knoxJwtRealm.publicKeyPath = /etc/ssl/certificate
knoxJwtRealm.groupPrincipalMapping = group.principal.mapping
knoxJwtRealm.principalMapping = principal.mapping
# This is required if KNOX SSO is enabled, to check if "knoxJwtRealm.cookieName" cookie was expired/deleted.
authc = org.apache.zeppelin.realm.jwt.KnoxAuthenticationFilter

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

### Enables 'HttpOnly' flag in Zeppelin cookies
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = JSESSIONID
cookie.httpOnly = true
cookie.secure = true
sessionManager.sessionIdCookie = $cookie

securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[roles]
admin = *
[urls]
/** = authc

Could you please take a look and see what was the reason for this issue?

Best regards
Tien Dat PHAN



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
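
Added example, not part of the original report or of Zeppelin's code: a client-side check for scripts that call the Zeppelin REST API behind KnoxSSO, showing that a body with "status":"OK" can still be an SSO redirect and flagging the empty originalUrl seen above. The function name and every sample body except the one quoted from the report are constructed; the constants are copied from the shiro.ini in the report.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Copied from the shiro.ini in the report.
PROVIDER_URL = "https://knoxhost.example.com:8443/"
LOGIN_PATH = "gateway/knoxsso/api/v1/websso"
REDIRECT_PARAM = "originalUrl"


def classify_response(body_text):
    """Classify a Zeppelin REST response body (hypothetical helper).

    "data"                 no redirectURL in the body
    "sso_redirect"         points at the configured Knox login, originalUrl set
    "sso_redirect_empty"   same target, but originalUrl is empty (reported symptom)
    "unexpected_redirect"  redirectURL is not the configured Knox login
    """
    doc = json.loads(body_text)
    body = doc.get("body")
    # "status": "OK" alone does not mean the call was authenticated.
    if not isinstance(body, dict) or "redirectURL" not in body:
        return "data"
    target = urlsplit(body["redirectURL"])
    expected = urlsplit(PROVIDER_URL + LOGIN_PATH)
    if (target.scheme, target.netloc, target.path) != (
        expected.scheme, expected.netloc, expected.path
    ):
        # Never follow or send credentials to a login URL the config does not name.
        return "unexpected_redirect"
    values = parse_qs(target.query, keep_blank_values=True).get(REDIRECT_PARAM, [""])
    return "sso_redirect" if values[0] else "sso_redirect_empty"


# Response body quoted in the report.
REPORTED = ('{"status":"OK","message":"","body":{"redirectURL":'
            '"https://knoxhost.example.com:8443/gateway/knoxsso/api/v1/websso'
            '?originalUrl="}}')
# Constructed samples for comparison.
WITH_ORIGIN = REPORTED.replace(
    "originalUrl=", "originalUrl=https%3A%2F%2Fzeppelin.example.com%2Fapi%2Fnotebook")
OTHER_HOST = REPORTED.replace("knoxhost.example.com", "login.example.net")
DATA = '{"status":"OK","message":"","body":[]}'

if __name__ == "__main__":
    for name, text in [("reported", REPORTED), ("with origin", WITH_ORIGIN),
                       ("other host", OTHER_HOST), ("data", DATA)]:
        print(name, "->", classify_response(text))
```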