You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@zeppelin.apache.org by Jaideep Singh <ja...@gmail.com> on 2017/05/01 12:31:16 UTC
Zeppelin not loading the index page after redirection from IDP
Hello,
I am not able to load the zeppelin page after redirection from IDP. The
page loads with error 500.
I am using SAML based authentication for securing zeppelin home page URL.
Please find the shiro.ini file as follows:
[main]
############################################################################
# PROVIDERS :
############################################################################
subjectFactory = io.buji.pac4j.ClientSubjectFactory
securityManager.subjectFactory = $subjectFactory
facebookClient = org.pac4j.oauth.client.FacebookClient
facebookClient.key = 145278422258960
facebookClient.secret = be21409ba8f39b5dae2a7de525484da8
twitterClient = org.pac4j.oauth.client.TwitterClient
twitterClient.key = CoxUiYwQOSFDReZYdjigBA
twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs
simpleAuthenticator =
org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator
formClient = org.pac4j.http.client.indirect.FormClient
formClient.loginUrl = http://10.11.198.126:8083/loginForm.jsp
formClient.authenticator = $simpleAuthenticator
basicAuthClient = org.pac4j.http.client.indirect.IndirectBasicAuthClient
basicAuthClient.authenticator = $simpleAuthenticator
casClient = org.pac4j.cas.client.CasClient
casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
#casClient.gateway=true
vkClient = org.pac4j.oauth.client.VkClient
vkClient.key = 4224582
vkClient.secret = nDc4IHTqu8ioFMkHKifq
saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
saml2Config.keystorePath = samlKeystore.jks
saml2Config.keystorePassword = pac4j-demo-passwd
saml2Config.privateKeyPassword = pac4j-demo-passwd
saml2Config.identityProviderMetadataPath = metadata-okta.xml
saml2Config.maximumAuthenticationLifetime = 3600
saml2Config.serviceProviderEntityId = zeppelin
saml2Config.serviceProviderMetadataPath = sp-metadata.xml
saml2Client = org.pac4j.saml.client.SAML2Client
saml2Client.configuration = $saml2Config
clients = org.pac4j.core.client.Clients
clients.callbackUrl = http://10.11.198.126:8083/callback
clients.clients =
$facebookClient,$twitterClient,$formClient,$basicAuthClient,$casClient,$vkClient,$saml2Client
############################################################################
# REALM & FILTERS :
############################################################################
clientsRealm = io.buji.pac4j.ClientRealm
#clientsRealm = org.apache.zeppelin.realm.PamRealm
clientsRealm.defaultRoles = ROLE_USER
clientsRealm.clients = $clients
clientsFilter = io.buji.pac4j.ClientFilter
clientsFilter.clients = $clients
clientsFilter.failureUrl = /error500.jsp
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
facebookRoles.client = $facebookClient
twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
twitterRoles.client = $twitterClient
formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
formRoles.client = $formClient
basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
basicAuthRoles.client = $basicAuthClient
casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
casRoles.client = $casClient
vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
vkRoles.client = $vkClient
saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
saml2Roles.client = $saml2Client
[roles]
admin = *
[urls]
/facebook/** = facebookRoles[ROLE_USER]
/twitter/** = twitterRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/basicauth/** = basicAuthRoles[ROLE_USER]
/cas/** = casRoles[ROLE_USER]
/vk/** = vkRoles[ROLE_USER]
/saml/** = saml2Roles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = saml2Roles[ROLE_USER]
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
I am attaching the video file for the error coming.
Thanks,
Jaideep Singh
Re: Zeppelin not loading the index page after redirection from IDP
Posted by Jaideep Singh <ja...@gmail.com>.
Hello Paul,
Thanks for your support, i am able to prototype it, as my shiro was not
updated, it resolved after updation to latest version.
Thanks,
Jaideep Singh
On Wednesday, May 3, 2017, Paul Brenner <pb...@placeiq.com> wrote:
> Unfortunately I haven't seen a ton of Shiro expertise on this list. Maybe
> someone will know the answer to your problem but my guess is that you are
> going to have to troubleshoot this by stripping out all that fancy
> complexity until you get a basic shiro.ini that works and then methodically
> add pieces back in until you see what is breaking. Once you know what is
> going on we would all appreciate your help adding to the documentation for
> using shiro with zeppelin.
>
> <http://www.placeiq.com/> <http://www.placeiq.com/>
> <http://www.placeiq.com/> Paul Brenner <https://twitter.com/placeiq>
> <https://twitter.com/placeiq> <https://twitter.com/placeiq>
> <https://www.facebook.com/PlaceIQ> <https://www.facebook.com/PlaceIQ>
> <https://www.linkedin.com/company/placeiq>
> <https://www.linkedin.com/company/placeiq>
> DATA SCIENTIST
> *(217) 390-3033 <(217)%20390-3033> *
>
> <http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/>
> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
> <http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP>
> <http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/>
> <http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/>[image:
> PlaceIQ:Location Data Accuracy]
> <http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/>
>
>
> On Wed, May 03, 2017 at 8:36 AM Jaideep Singh <Jaideep Singh
> <javascript:_e(%7B%7D,'cvml','Jaideep%2BSingh%2B%5Cx3cjaideep333@gmail.com%5Cx3e');>>
> wrote:
>
>> Also attaching the screen shot for 2 JSession id which i got after
>> redirection.
>>
>> On Wed, May 3, 2017 at 5:18 PM, Jaideep Singh <jaideep333@gmail.com
>> <javascript:_e(%7B%7D,'cvml','jaideep333@gmail.com');>> wrote:
>>
>>> Hello,
>>>
>>> I have used saml based sso authentication on zeppelin url which is on
>>> localhost:8080. I am able to load the zeppelin page successfully if i
>>> disable the shiro.ini file. I have used sso authentication with wso2,
>>> configured in shiro.ini with metadata for idp and sp provided there.
>>> But after redirection from idp to zeppelin / url i am not able to load
>>> the page.
>>>
>>> Following are the assumption for problem occurence
>>> *** Problem may be due to the websocket calls which are not initiating
>>> after redirection, but i can see it works if no authentication applied.
>>> ** *I am getting JSessionid after redirection from IDP. Is Zeppelin
>>> server also providing JSessionid which may cause conflicts?
>>>
>>> Plese help me to identify the problem.
>>>
>>> I am attaching the log file and shiro.ini.
>>>
>>> I have checked the log file the error i am getting is
>>>
>>>
>>> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.e.jetty.servlet.ServletHandler - chain=org.apache.zeppelin.serv
>>> er.CorsFilter-5ae50ce6->ShiroFilter->org.eclipse.jetty.
>>> servlet.DefaultServlet-69b2283a@5b910f06==org.eclipse.jetty.
>>> servlet.DefaultServlet,-1,true
>>> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.e.jetty.servlet.ServletHandler - call filter
>>> org.apache.zeppelin.server.CorsFilter-5ae50ce6
>>> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.e.jetty.servlet.ServletHandler - call filter ShiroFilter
>>> 17:01:05.403 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.a.shiro.mgt.DefaultSecurityManager - Resolved SubjectContext context
>>> session is invalid. Ignoring and creating an anonymous (session-less)
>>> Subject instance.
>>> org.apache.shiro.session.UnknownSessionException: There is no session
>>> with id [804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]
>>> at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSess
>>> ion(AbstractSessionDAO.java:170) ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveS
>>> essionFromDataSource(DefaultSessionManager.java:236)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveS
>>> ession(DefaultSessionManager.java:222) ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.AbstractValidatingSessionManage
>>> r.doGetSession(AbstractValidatingSessionManager.java:118)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lo
>>> okupSession(AbstractNativeSessionManager.java:108)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.ge
>>> tSession(AbstractNativeSessionManager.java:100)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSe
>>> ssion(DefaultSecurityManager.java:456) [shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(D
>>> efaultSecurityManager.java:442) [shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
>>> [shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
>>> [shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
>>> [shiro-web-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubje
>>> ct(AbstractShiroFilter.java:292) [shiro-web-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInt
>>> ernal(AbstractShiroFilter.java:359) [shiro-web-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
>>> [shiro-web-1.2.3.jar:1.2.3]
>>> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>>> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.apache.zeppelin.server.CorsFilter.doFilter(CorsFilter.java:72)
>>> [classes/:na]
>>> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>>> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
>>> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
>>> [jetty-security-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
>>> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ContextHandlerCollection.ha
>>> ndle(ContextHandlerCollection.java:215) [jetty-server-9.2.15.v20160210
>>> .jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.Server.handle(Server.java:499)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
>>> [jetty-io-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
>>> [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
>>> [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.a.s.s.mgt.DefaultSessionManager - Creating new EIS record for new
>>> session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.a.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie
>>> [JSESSIONID=1ba59f91-fe61-4153-b45d-4d1b4f813a05; Path=/; HttpOnly]
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.p.s.context.SAML2ContextProvider - Creating message storage by
>>> org.pac4j.saml.storage.EmptyStorageFactory
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.o.s.m.r.i.AbstractMetadataResolver - Metadata backing store does not
>>> contain any EntityDescriptors with the ID: zeppelin
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.o.s.m.support.SAML2MetadataSupport - Selecting default IndexedEndpoint
>>>
>>>
>>> Thanks and Regards,
>>> Jaideep Singh
>>>
>>>
>>> On Tue, May 2, 2017 at 5:24 PM, Paul Brenner <pbrenner@placeiq.com
>>> <javascript:_e(%7B%7D,'cvml','pbrenner@placeiq.com');>> wrote:
>>>
>>>> That is an impressively complex Shira.ini!
>>>>
>>>> 500 sounds like something isn't loading correctly. Have you looked at
>>>> the logs in /car/log/zeppelin?
>>>>
>>>> <http://www.placeiq.com/> <http://www.placeiq.com/>
>>>> <http://www.placeiq.com/> Paul Brenner <https://twitter.com/placeiq>
>>>> <https://twitter.com/placeiq> <https://twitter.com/placeiq>
>>>> <https://www.facebook.com/PlaceIQ> <https://www.facebook.com/PlaceIQ>
>>>> <https://www.linkedin.com/company/placeiq>
>>>> <https://www.linkedin.com/company/placeiq>
>>>> DATA SCIENTIST
>>>> *(217) 390-3033 <(217)%20390-3033> *
>>>>
>>>> <http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/>
>>>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>>>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>>>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>>>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>>>> <http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP>
>>>> <http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/>
>>>> <http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/>[image:
>>>> PlaceIQ:Location Data Accuracy]
>>>> <http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/>
>>>>
>>>>
>>>> On Tue, May 02, 2017 at 1:51 AM Jaideep Singh <Jaideep Singh
>>>> <javascript:_e(%7B%7D,'cvml','Jaideep%2BSingh%2B%5Cx3cjaideep333@gmail.com%5Cx3e');>>
>>>> wrote:
>>>>
>>>>> +users@zeppelin.incubator.apache.org
>>>>> <javascript:_e(%7B%7D,'cvml','users@zeppelin.incubator.apache.org');>
>>>>>
>>>>> On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh <jaideep333@gmail.com
>>>>> <javascript:_e(%7B%7D,'cvml','jaideep333@gmail.com');>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I am not able to load the zeppelin page after redirection from IDP.
>>>>>> The page loads with error 500.
>>>>>> I am using SAML based authentication for securing zeppelin home page
>>>>>> URL.
>>>>>> Please find the shiro.ini file as follows:
>>>>>> [main]
>>>>>> ############################################################
>>>>>> ################
>>>>>> # PROVIDERS :
>>>>>> ############################################################
>>>>>> ################
>>>>>> subjectFactory = io.buji.pac4j.ClientSubjectFactory
>>>>>> securityManager.subjectFactory = $subjectFactory
>>>>>>
>>>>>> facebookClient = org.pac4j.oauth.client.FacebookClient
>>>>>> facebookClient.key = 145278422258960
>>>>>> facebookClient.secret = be21409ba8f39b5dae2a7de525484da8
>>>>>>
>>>>>> twitterClient = org.pac4j.oauth.client.TwitterClient
>>>>>> twitterClient.key = CoxUiYwQOSFDReZYdjigBA
>>>>>> twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs
>>>>>>
>>>>>> simpleAuthenticator = org.pac4j.http.credentials.aut
>>>>>> henticator.test.SimpleTestUsernamePasswordAuthenticator
>>>>>>
>>>>>> formClient = org.pac4j.http.client.indirect.FormClient
>>>>>> formClient.loginUrl = http://10.11.198.126:8083/loginForm.jsp
>>>>>> formClient.authenticator = $simpleAuthenticator
>>>>>>
>>>>>> basicAuthClient = org.pac4j.http.client.indirect
>>>>>> .IndirectBasicAuthClient
>>>>>> basicAuthClient.authenticator = $simpleAuthenticator
>>>>>>
>>>>>> casClient = org.pac4j.cas.client.CasClient
>>>>>> casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
>>>>>> #casClient.gateway=true
>>>>>>
>>>>>> vkClient = org.pac4j.oauth.client.VkClient
>>>>>> vkClient.key = 4224582
>>>>>> vkClient.secret = nDc4IHTqu8ioFMkHKifq
>>>>>>
>>>>>> saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
>>>>>> saml2Config.keystorePath = samlKeystore.jks
>>>>>> saml2Config.keystorePassword = pac4j-demo-passwd
>>>>>> saml2Config.privateKeyPassword = pac4j-demo-passwd
>>>>>> saml2Config.identityProviderMetadataPath = metadata-okta.xml
>>>>>> saml2Config.maximumAuthenticationLifetime = 3600
>>>>>> saml2Config.serviceProviderEntityId = zeppelin
>>>>>> saml2Config.serviceProviderMetadataPath = sp-metadata.xml
>>>>>>
>>>>>> saml2Client = org.pac4j.saml.client.SAML2Client
>>>>>> saml2Client.configuration = $saml2Config
>>>>>>
>>>>>> clients = org.pac4j.core.client.Clients
>>>>>> clients.callbackUrl = http://10.11.198.126:8083/callback
>>>>>> clients.clients = $facebookClient,$twitterClient
>>>>>> ,$formClient,$basicAuthClient,$casClient,$vkClient,$saml2Client
>>>>>>
>>>>>> ############################################################
>>>>>> ################
>>>>>> # REALM & FILTERS :
>>>>>> ############################################################
>>>>>> ################
>>>>>>
>>>>>>
>>>>>>
>>>>>> clientsRealm = io.buji.pac4j.ClientRealm
>>>>>> #clientsRealm = org.apache.zeppelin.realm.PamRealm
>>>>>> clientsRealm.defaultRoles = ROLE_USER
>>>>>> clientsRealm.clients = $clients
>>>>>>
>>>>>> clientsFilter = io.buji.pac4j.ClientFilter
>>>>>> clientsFilter.clients = $clients
>>>>>> clientsFilter.failureUrl = /error500.jsp
>>>>>>
>>>>>> sessionManager = org.apache.shiro.web.session.m
>>>>>> gt.DefaultWebSessionManager
>>>>>> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>>>>>> securityManager.cacheManager = $cacheManager
>>>>>>
>>>>>> securityManager.sessionManager = $sessionManager
>>>>>> securityManager.sessionManager.globalSessionTimeout = 86400000
>>>>>>
>>>>>>
>>>>>>
>>>>>> facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> facebookRoles.client = $facebookClient
>>>>>> twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> twitterRoles.client = $twitterClient
>>>>>> formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> formRoles.client = $formClient
>>>>>> basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> basicAuthRoles.client = $basicAuthClient
>>>>>> casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> casRoles.client = $casClient
>>>>>> vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> vkRoles.client = $vkClient
>>>>>> saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> saml2Roles.client = $saml2Client
>>>>>>
>>>>>> [roles]
>>>>>> admin = *
>>>>>>
>>>>>>
>>>>>> [urls]
>>>>>> /facebook/** = facebookRoles[ROLE_USER]
>>>>>> /twitter/** = twitterRoles[ROLE_USER]
>>>>>> /form/** = formRoles[ROLE_USER]
>>>>>> /basicauth/** = basicAuthRoles[ROLE_USER]
>>>>>> /cas/** = casRoles[ROLE_USER]
>>>>>> /vk/** = vkRoles[ROLE_USER]
>>>>>> /saml/** = saml2Roles[ROLE_USER]
>>>>>> /callback = clientsFilter
>>>>>> /logout = logout
>>>>>> /** = saml2Roles[ROLE_USER]
>>>>>> /api/version = anon
>>>>>> /api/interpreter/** = authc, roles[admin]
>>>>>> /api/configurations/** = authc, roles[admin]
>>>>>> /api/credential/** = authc, roles[admin]
>>>>>>
>>>>>>
>>>>>> I am attaching the video file for the error coming.
>>>>>>
>>>>>> Thanks,
>>>>>> Jaideep Singh
>>>>>>
>>>>>
>>>>>
>>>
>
>
>
Re: Zeppelin not loading the index page after redirection from IDP
Posted by Paul Brenner <pb...@placeiq.com>.
Unfortunately I haven't seen a ton of Shiro expertise on this list. Maybe someone will know the answer to your problem but my guess is that you are going to have to troubleshoot this by stripping out all that fancy complexity until you get a basic shiro.ini that works and then methodically add pieces back in until you see what is breaking. Once you know what is going on we would all appreciate your help adding to the documentation for using shiro with zeppelin.
http://www.placeiq.com/ http://www.placeiq.com/ http://www.placeiq.com/
Paul Brenner
https://twitter.com/placeiq https://twitter.com/placeiq https://twitter.com/placeiq
https://www.facebook.com/PlaceIQ https://www.facebook.com/PlaceIQ
https://www.linkedin.com/company/placeiq https://www.linkedin.com/company/placeiq
DATA SCIENTIST
tel:(217)%20390-3033
http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/ http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/ http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/
On Wed, May 03, 2017 at 8:36 AM Jaideep Singh
<
mailto:Jaideep Singh <ja...@gmail.com>
> wrote:
a, pre, code, a:link, body { word-wrap: break-word !important; }
Also attaching the screen shot for 2 JSession id which i got after redirection.
On Wed, May 3, 2017 at 5:18 PM, Jaideep Singh
<
mailto:jaideep333@gmail.com
>
wrote:
Hello,
I have used saml based sso authentication on zeppelin url which is on localhost:8080. I am able to load the zeppelin page successfully if i disable the shiro.ini file. I have used sso authentication with wso2, configured in shiro.ini with metadata for idp and sp provided there.
But after redirection from idp to zeppelin / url i am not able to load the page.
Following are the assumption for problem occurence
*
Problem may be due to the websocket calls which are not initiating after redirection, but i can see it works if no authentication applied.
*
I am getting JSessionid after redirection from IDP. Is Zeppelin server also providing JSessionid which may cause conflicts?
Plese help me to identify the problem.
I am attaching the log file and shiro.ini
.
I have checked the log file the error i am getting is
17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
40ad-9db8-0492c9f1f134/api/
security/ticket] DEBUG o.e.jetty.servlet.
ServletHandler - chain=org.apache.zeppelin.
server.CorsFilter-5ae50ce6->
ShiroFilter->org.eclipse.
jetty.servlet.DefaultServlet-
69b2283a@5b910f06==org.
eclipse.jetty.servlet.
DefaultServlet,-1,true
17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
40ad-9db8-0492c9f1f134/api/
security/ticket] DEBUG o.e.jetty.servlet.
ServletHandler - call filter org.apache.zeppelin.server.
CorsFilter-5ae50ce6
17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
40ad-9db8-0492c9f1f134/api/
security/ticket] DEBUG o.e.jetty.servlet.
ServletHandler - call filter ShiroFilter
17:01:05.403 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
40ad-9db8-0492c9f1f134/api/
security/ticket] DEBUG o.a.shiro.mgt.
DefaultSecurityManager - Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.
UnknownSessionException: There is no session with id [804affc8-ea2c-40ad-9db8-
0492c9f1f134/api/security/
ticket]
at org.apache.shiro.session.mgt.
eis.AbstractSessionDAO.
readSession(
AbstractSessionDAO.java:170) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.
DefaultSessionManager.
retrieveSessionFromDataSource(
DefaultSessionManager.java:
236) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.
DefaultSessionManager.
retrieveSession(
DefaultSessionManager.java:
222) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.
AbstractValidatingSessionManag
er.doGetSession(
AbstractValidatingSessionManag
er.java:118) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.
AbstractNativeSessionManager.
lookupSession(
AbstractNativeSessionManager.
java:108) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.
AbstractNativeSessionManager.
getSession(
AbstractNativeSessionManager.
java:100) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.
SessionsSecurityManager.
getSession(
SessionsSecurityManager.java:
125) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.
DefaultSecurityManager.
resolveContextSession(
DefaultSecurityManager.java:
456) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.
DefaultSecurityManager.
resolveSession(
DefaultSecurityManager.java:
442) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.
DefaultSecurityManager.
createSubject(
DefaultSecurityManager.java:
338) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.
Subject$Builder.buildSubject(
Subject.java:846) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.web.subject.
WebSubject$Builder.
buildWebSubject(WebSubject.
java:148) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.
AbstractShiroFilter.
createSubject(
AbstractShiroFilter.java:292) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.
AbstractShiroFilter.
doFilterInternal(
AbstractShiroFilter.java:359) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.
OncePerRequestFilter.doFilter(
OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at org.eclipse.jetty.servlet.
ServletHandler$CachedChain.
doFilter(ServletHandler.java:
1652) [jetty-servlet-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.apache.zeppelin.server.
CorsFilter.doFilter(
CorsFilter.java:72) [classes/:na]
at org.eclipse.jetty.servlet.
ServletHandler$CachedChain.
doFilter(ServletHandler.java:
1652) [jetty-servlet-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.servlet.
ServletHandler.doHandle(
ServletHandler.java:585) [jetty-servlet-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
handler.ScopedHandler.handle(
ScopedHandler.java:143) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.security.
SecurityHandler.handle(
SecurityHandler.java:577) [jetty-security-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
session.SessionHandler.
doHandle(SessionHandler.java:
223) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
handler.ContextHandler.
doHandle(ContextHandler.java:
1127) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.servlet.
ServletHandler.doScope(
ServletHandler.java:515) [jetty-servlet-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
session.SessionHandler.
doScope(SessionHandler.java:
185) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
handler.ContextHandler.
doScope(ContextHandler.java:
1061) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
handler.ScopedHandler.handle(
ScopedHandler.java:141) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
handler.
ContextHandlerCollection.
handle(
ContextHandlerCollection.java:
215) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
handler.HandlerWrapper.handle(
HandlerWrapper.java:97) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
Server.handle(Server.java:499) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
HttpChannel.handle(
HttpChannel.java:311) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at org.eclipse.jetty.server.
HttpConnection.onFillable(
HttpConnection.java:257) [jetty-server-9.2.15.
v20160210.jar:9.2.15.
v20160210]
at
http://org.eclipse.jetty.io
.
AbstractConnection$2.run(
AbstractConnection.java:544) [jetty-io-9.2.15.v20160210.
jar:9.2.15.v20160210]
at org.eclipse.jetty.util.thread.
QueuedThreadPool.runJob(
QueuedThreadPool.java:635) [jetty-util-9.2.15.v20160210.
jar:9.2.15.v20160210]
at org.eclipse.jetty.util.thread.
QueuedThreadPool$3.run(
QueuedThreadPool.java:555) [jetty-util-9.2.15.v20160210.
jar:9.2.15.v20160210]
at java.lang.Thread.run(Thread.
java:745) [na:1.8.0_121]
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
40ad-9db8-0492c9f1f134/api/
security/ticket] DEBUG o.a.s.s.mgt.
DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.
SimpleSession,id=null]
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
40ad-9db8-0492c9f1f134/api/
security/ticket] DEBUG o.a.shiro.web.servlet.
SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=1ba59f91-fe61-
4153-b45d-4d1b4f813a05; Path=/; HttpOnly]
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
40ad-9db8-0492c9f1f134/api/
security/ticket] DEBUG o.p.s.context.
SAML2ContextProvider - Creating message storage by org.pac4j.saml.storage.
EmptyStorageFactory
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
40ad-9db8-0492c9f1f134/api/
security/ticket] DEBUG o.o.s.m.r.i.
AbstractMetadataResolver - Metadata backing store does not contain any EntityDescriptors with the ID: zeppelin
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
40ad-9db8-0492c9f1f134/api/
security/ticket] DEBUG o.o.s.m.support.
SAML2MetadataSupport - Selecting default IndexedEndpoint
Thanks and Regards,
Jaideep Singh
On Tue, May 2, 2017 at 5:24 PM, Paul Brenner
<
mailto:pbrenner@placeiq.com
>
wrote:
That is an impressively complex Shira.ini!
500 sounds like something isn't loading correctly. Have you looked at the logs in /car/log/zeppelin?
http://www.placeiq.com/ http://www.placeiq.com/ http://www.placeiq.com/
Paul Brenner
https://twitter.com/placeiq https://twitter.com/placeiq https://twitter.com/placeiq
https://www.facebook.com/PlaceIQ https://www.facebook.com/PlaceIQ
https://www.linkedin.com/company/placeiq https://www.linkedin.com/company/placeiq
DATA SCIENTIST
tel:(217)%20390-3033
http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/ http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/ http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/
On Tue, May 02, 2017 at 1:51 AM Jaideep Singh
<
mailto:Jaideep+Singh+%3Cjaideep333@gmail.com%3E
> wrote:
+
mailto:users@zeppelin.incubator.apache.org
On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh
<
mailto:jaideep333@gmail.com
>
wrote:
Hello,
I am not able to load the zeppelin page after redirection from IDP. The page loads with error 500.
I am using SAML based authentication for securing zeppelin home page URL.
Please find the shiro.ini file as follows:
[main]
##############################
##############################
################
# PROVIDERS :
##############################
##############################
################
subjectFactory = io.buji.pac4j.ClientSubjectFac
tory
securityManager.subjectFactory = $subjectFactory
facebookClient = org.pac4j.oauth.client.Faceboo
kClient
facebookClient.key = 145278422258960
facebookClient.secret = be21409ba8f39b5dae2a7de525484d
a8
twitterClient = org.pac4j.oauth.client.Twitter
Client
twitterClient.key = CoxUiYwQOSFDReZYdjigBA
twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1V
zbOOzE8rBofs
simpleAuthenticator = org.pac4j.http.credentials.aut
henticator.test.SimpleTestUser
namePasswordAuthenticator
formClient = org.pac4j.http.client.indirect
.FormClient
formClient.loginUrl =
http://10.11.198.126:8083/loginForm.jsp
formClient.authenticator = $simpleAuthenticator
basicAuthClient = org.pac4j.http.client.indirect
.IndirectBasicAuthClient
basicAuthClient.authenticator = $simpleAuthenticator
casClient = org.pac4j.cas.client.CasClient
casClient.casLoginUrl =
https://casserverpac4j.herokuapp.com
#casClient.gateway=true
vkClient = org.pac4j.oauth.client.VkClien
t
vkClient.key = 4224582
vkClient.secret = nDc4IHTqu8ioFMkHKifq
saml2Config = org.pac4j.saml.client.SAML2Cli
entConfiguration
saml2Config.keystorePath = samlKeystore.jks
saml2Config.keystorePassword = pac4j-demo-passwd
saml2Config.privateKeyPassword = pac4j-demo-passwd
saml2Config.identityProviderMe
tadataPath = metadata-okta.xml
saml2Config.maximumAuthenticat
ionLifetime = 3600
saml2Config.serviceProviderEnt
ityId = zeppelin
saml2Config.serviceProviderMet
adataPath = sp-metadata.xml
saml2Client = org.pac4j.saml.client.SAML2Cli
ent
saml2Client.configuration = $saml2Config
clients = org.pac4j.core.client.Clients
clients.callbackUrl =
http://10.11.198.126:8083/callback
clients.clients = $facebookClient,$twitterClient
,$formClient,$basicAuthClient,
$casClient,$vkClient,$saml2Cli
ent
##############################
##############################
################
# REALM & FILTERS :
##############################
##############################
################
clientsRealm = io.buji.pac4j.ClientRealm
#clientsRealm = org.apache.zeppelin.realm.PamR
ealm
clientsRealm.defaultRoles = ROLE_USER
clientsRealm.clients = $clients
clientsFilter = io.buji.pac4j.ClientFilter
clientsFilter.clients = $clients
clientsFilter.failureUrl = /error500.jsp
sessionManager = org.apache.shiro.web.session.m
gt.DefaultWebSessionManager
cacheManager = org.apache.shiro.cache.MemoryC
onstrainedCacheManager
securityManager.cacheManager = $cacheManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager
.globalSessionTimeout = 86400000
facebookRoles = io.buji.pac4j.filter.ClientRol
esAuthorizationFilter
facebookRoles.client = $facebookClient
twitterRoles = io.buji.pac4j.filter.ClientRol
esAuthorizationFilter
twitterRoles.client = $twitterClient
formRoles = io.buji.pac4j.filter.ClientRol
esAuthorizationFilter
formRoles.client = $formClient
basicAuthRoles = io.buji.pac4j.filter.ClientRol
esAuthorizationFilter
basicAuthRoles.client = $basicAuthClient
casRoles = io.buji.pac4j.filter.ClientRol
esAuthorizationFilter
casRoles.client = $casClient
vkRoles = io.buji.pac4j.filter.ClientRol
esAuthorizationFilter
vkRoles.client = $vkClient
saml2Roles = io.buji.pac4j.filter.ClientRol
esAuthorizationFilter
saml2Roles.client = $saml2Client
[roles]
admin = *
[urls]
/facebook/** = facebookRoles[ROLE_USER]
/twitter/** = twitterRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/basicauth/** = basicAuthRoles[ROLE_USER]
/cas/** = casRoles[ROLE_USER]
/vk/** = vkRoles[ROLE_USER]
/saml/** = saml2Roles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = saml2Roles[ROLE_USER]
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
I am attaching the video file for the error coming.
Thanks,
Jaideep Singh
Re: Zeppelin not loading the index page after redirection from IDP
Posted by Jaideep Singh <ja...@gmail.com>.
Also attaching the screen shot for 2 JSession id which i got after
redirection.
On Wed, May 3, 2017 at 5:18 PM, Jaideep Singh <ja...@gmail.com> wrote:
> Hello,
>
> I have used saml based sso authentication on zeppelin url which is on
> localhost:8080. I am able to load the zeppelin page successfully if i
> disable the shiro.ini file. I have used sso authentication with wso2,
> configured in shiro.ini with metadata for idp and sp provided there.
> But after redirection from idp to zeppelin / url i am not able to load the
> page.
>
> Following are the assumption for problem occurence
> *** Problem may be due to the websocket calls which are not initiating
> after redirection, but i can see it works if no authentication applied.
> ** *I am getting JSessionid after redirection from IDP. Is Zeppelin
> server also providing JSessionid which may cause conflicts?
>
> Plese help me to identify the problem.
>
> I am attaching the log file and shiro.ini.
>
> I have checked the log file the error i am getting is
>
>
> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler
> - chain=org.apache.zeppelin.server.CorsFilter-5ae50ce6->
> ShiroFilter->org.eclipse.jetty.servlet.DefaultServlet-69b2283a@5b910f06
> ==org.eclipse.jetty.servlet.DefaultServlet,-1,true
> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler
> - call filter org.apache.zeppelin.server.CorsFilter-5ae50ce6
> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler
> - call filter ShiroFilter
> 17:01:05.403 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.mgt.DefaultSecurityManager
> - Resolved SubjectContext context session is invalid. Ignoring and
> creating an anonymous (session-less) Subject instance.
> org.apache.shiro.session.UnknownSessionException: There is no session
> with id [804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]
> at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
> ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.DefaultSessionManager.
> retrieveSessionFromDataSource(DefaultSessionManager.java:236)
> ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(
> DefaultSessionManager.java:222) ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.AbstractValidatingSessionManag
> er.doGetSession(AbstractValidatingSessionManager.java:118)
> ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.
> lookupSession(AbstractNativeSessionManager.java:108)
> ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(
> AbstractNativeSessionManager.java:100) ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.mgt.SessionsSecurityManager.getSession(
> SessionsSecurityManager.java:125) ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(
> DefaultSecurityManager.java:456) [shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(
> DefaultSecurityManager.java:442) [shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(
> DefaultSecurityManager.java:338) [shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
> [shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.web.subject.WebSubject$Builder.
> buildWebSubject(WebSubject.java:148) [shiro-web-1.2.3.jar:1.2.3]
> at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
> [shiro-web-1.2.3.jar:1.2.3]
> at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
> [shiro-web-1.2.3.jar:1.2.3]
> at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> [shiro-web-1.2.3.jar:1.2.3]
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.
> doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.apache.zeppelin.server.CorsFilter.doFilter(CorsFilter.java:72)
> [classes/:na]
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.
> doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
> [jetty-security-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.session.SessionHandler.
> doHandle(SessionHandler.java:223) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ContextHandler.
> doHandle(ContextHandler.java:1127) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.session.SessionHandler.
> doScope(SessionHandler.java:185) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ContextHandler.
> doScope(ContextHandler.java:1061) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(
> ContextHandlerCollection.java:215) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.Server.handle(Server.java:499)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
> [jetty-io-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
> [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
> [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.s.s.mgt.DefaultSessionManager
> - Creating new EIS record for new session instance
> [org.apache.shiro.session.mgt.SimpleSession,id=null]
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.web.servlet.SimpleCookie
> - Added HttpServletResponse Cookie [JSESSIONID=1ba59f91-fe61-4153-b45d-4d1b4f813a05;
> Path=/; HttpOnly]
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.p.s.context.SAML2ContextProvider
> - Creating message storage by org.pac4j.saml.storage.EmptyStorageFactory
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.r.i.AbstractMetadataResolver
> - Metadata backing store does not contain any EntityDescriptors with the
> ID: zeppelin
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.support.SAML2MetadataSupport
> - Selecting default IndexedEndpoint
>
>
> Thanks and Regards,
> Jaideep Singh
>
>
> On Tue, May 2, 2017 at 5:24 PM, Paul Brenner <pb...@placeiq.com> wrote:
>
>> That is an impressively complex Shira.ini!
>>
>> 500 sounds like something isn't loading correctly. Have you looked at the
>> logs in /car/log/zeppelin?
>>
>> <http://www.placeiq.com/> <http://www.placeiq.com/>
>> <http://www.placeiq.com/> Paul Brenner <https://twitter.com/placeiq>
>> <https://twitter.com/placeiq> <https://twitter.com/placeiq>
>> <https://www.facebook.com/PlaceIQ> <https://www.facebook.com/PlaceIQ>
>> <https://www.linkedin.com/company/placeiq>
>> <https://www.linkedin.com/company/placeiq>
>> DATA SCIENTIST
>> *(217) 390-3033 <(217)%20390-3033> *
>>
>> <http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/>
>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>> <http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP>
>> <http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/>
>> <http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/>[image:
>> PlaceIQ:Location Data Accuracy]
>> <http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/>
>>
>>
>> On Tue, May 02, 2017 at 1:51 AM Jaideep Singh <Jaideep Singh
>> <Jaideep+Singh+%3Cjaideep333@gmail.com%3E>> wrote:
>>
>>> +users@zeppelin.incubator.apache.org
>>>
>>> On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh <ja...@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I am not able to load the zeppelin page after redirection from IDP. The
>>>> page loads with error 500.
>>>> I am using SAML based authentication for securing zeppelin home page
>>>> URL.
>>>> Please find the shiro.ini file as follows:
>>>> [main]
>>>> ############################################################
>>>> ################
>>>> # PROVIDERS :
>>>> ############################################################
>>>> ################
>>>> subjectFactory = io.buji.pac4j.ClientSubjectFactory
>>>> securityManager.subjectFactory = $subjectFactory
>>>>
>>>> facebookClient = org.pac4j.oauth.client.FacebookClient
>>>> facebookClient.key = 145278422258960
>>>> facebookClient.secret = be21409ba8f39b5dae2a7de525484da8
>>>>
>>>> twitterClient = org.pac4j.oauth.client.TwitterClient
>>>> twitterClient.key = CoxUiYwQOSFDReZYdjigBA
>>>> twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs
>>>>
>>>> simpleAuthenticator = org.pac4j.http.credentials.aut
>>>> henticator.test.SimpleTestUsernamePasswordAuthenticator
>>>>
>>>> formClient = org.pac4j.http.client.indirect.FormClient
>>>> formClient.loginUrl = http://10.11.198.126:8083/loginForm.jsp
>>>> formClient.authenticator = $simpleAuthenticator
>>>>
>>>> basicAuthClient = org.pac4j.http.client.indirect
>>>> .IndirectBasicAuthClient
>>>> basicAuthClient.authenticator = $simpleAuthenticator
>>>>
>>>> casClient = org.pac4j.cas.client.CasClient
>>>> casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
>>>> #casClient.gateway=true
>>>>
>>>> vkClient = org.pac4j.oauth.client.VkClient
>>>> vkClient.key = 4224582
>>>> vkClient.secret = nDc4IHTqu8ioFMkHKifq
>>>>
>>>> saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
>>>> saml2Config.keystorePath = samlKeystore.jks
>>>> saml2Config.keystorePassword = pac4j-demo-passwd
>>>> saml2Config.privateKeyPassword = pac4j-demo-passwd
>>>> saml2Config.identityProviderMetadataPath = metadata-okta.xml
>>>> saml2Config.maximumAuthenticationLifetime = 3600
>>>> saml2Config.serviceProviderEntityId = zeppelin
>>>> saml2Config.serviceProviderMetadataPath = sp-metadata.xml
>>>>
>>>> saml2Client = org.pac4j.saml.client.SAML2Client
>>>> saml2Client.configuration = $saml2Config
>>>>
>>>> clients = org.pac4j.core.client.Clients
>>>> clients.callbackUrl = http://10.11.198.126:8083/callback
>>>> clients.clients = $facebookClient,$twitterClient
>>>> ,$formClient,$basicAuthClient,$casClient,$vkClient,$saml2Client
>>>>
>>>> ############################################################
>>>> ################
>>>> # REALM & FILTERS :
>>>> ############################################################
>>>> ################
>>>>
>>>>
>>>>
>>>> clientsRealm = io.buji.pac4j.ClientRealm
>>>> #clientsRealm = org.apache.zeppelin.realm.PamRealm
>>>> clientsRealm.defaultRoles = ROLE_USER
>>>> clientsRealm.clients = $clients
>>>>
>>>> clientsFilter = io.buji.pac4j.ClientFilter
>>>> clientsFilter.clients = $clients
>>>> clientsFilter.failureUrl = /error500.jsp
>>>>
>>>> sessionManager = org.apache.shiro.web.session.m
>>>> gt.DefaultWebSessionManager
>>>> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>>>> securityManager.cacheManager = $cacheManager
>>>>
>>>> securityManager.sessionManager = $sessionManager
>>>> securityManager.sessionManager.globalSessionTimeout = 86400000
>>>>
>>>>
>>>>
>>>> facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> facebookRoles.client = $facebookClient
>>>> twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> twitterRoles.client = $twitterClient
>>>> formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> formRoles.client = $formClient
>>>> basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> basicAuthRoles.client = $basicAuthClient
>>>> casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> casRoles.client = $casClient
>>>> vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> vkRoles.client = $vkClient
>>>> saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> saml2Roles.client = $saml2Client
>>>>
>>>> [roles]
>>>> admin = *
>>>>
>>>>
>>>> [urls]
>>>> /facebook/** = facebookRoles[ROLE_USER]
>>>> /twitter/** = twitterRoles[ROLE_USER]
>>>> /form/** = formRoles[ROLE_USER]
>>>> /basicauth/** = basicAuthRoles[ROLE_USER]
>>>> /cas/** = casRoles[ROLE_USER]
>>>> /vk/** = vkRoles[ROLE_USER]
>>>> /saml/** = saml2Roles[ROLE_USER]
>>>> /callback = clientsFilter
>>>> /logout = logout
>>>> /** = saml2Roles[ROLE_USER]
>>>> /api/version = anon
>>>> /api/interpreter/** = authc, roles[admin]
>>>> /api/configurations/** = authc, roles[admin]
>>>> /api/credential/** = authc, roles[admin]
>>>>
>>>>
>>>> I am attaching the video file for the error coming.
>>>>
>>>> Thanks,
>>>> Jaideep Singh
>>>>
>>>
>>>
>>
>
Re: Zeppelin not loading the index page after redirection from IDP
Posted by Jaideep Singh <ja...@gmail.com>.
+users@zeppelin.incubator.apache.org
On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh <ja...@gmail.com> wrote:
> Hello,
>
> I am not able to load the zeppelin page after redirection from IDP. The
> page loads with error 500.
> I am using SAML based authentication for securing zeppelin home page URL.
> Please find the shiro.ini file as follows:
> [main]
> ############################################################
> ################
> # PROVIDERS :
> ############################################################
> ################
> subjectFactory = io.buji.pac4j.ClientSubjectFactory
> securityManager.subjectFactory = $subjectFactory
>
> facebookClient = org.pac4j.oauth.client.FacebookClient
> facebookClient.key = 145278422258960
> facebookClient.secret = be21409ba8f39b5dae2a7de525484da8
>
> twitterClient = org.pac4j.oauth.client.TwitterClient
> twitterClient.key = CoxUiYwQOSFDReZYdjigBA
> twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs
>
> simpleAuthenticator = org.pac4j.http.credentials.authenticator.test.
> SimpleTestUsernamePasswordAuthenticator
>
> formClient = org.pac4j.http.client.indirect.FormClient
> formClient.loginUrl = http://10.11.198.126:8083/loginForm.jsp
> formClient.authenticator = $simpleAuthenticator
>
> basicAuthClient = org.pac4j.http.client.indirect.IndirectBasicAuthClient
> basicAuthClient.authenticator = $simpleAuthenticator
>
> casClient = org.pac4j.cas.client.CasClient
> casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
> #casClient.gateway=true
>
> vkClient = org.pac4j.oauth.client.VkClient
> vkClient.key = 4224582
> vkClient.secret = nDc4IHTqu8ioFMkHKifq
>
> saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
> saml2Config.keystorePath = samlKeystore.jks
> saml2Config.keystorePassword = pac4j-demo-passwd
> saml2Config.privateKeyPassword = pac4j-demo-passwd
> saml2Config.identityProviderMetadataPath = metadata-okta.xml
> saml2Config.maximumAuthenticationLifetime = 3600
> saml2Config.serviceProviderEntityId = zeppelin
> saml2Config.serviceProviderMetadataPath = sp-metadata.xml
>
> saml2Client = org.pac4j.saml.client.SAML2Client
> saml2Client.configuration = $saml2Config
>
> clients = org.pac4j.core.client.Clients
> clients.callbackUrl = http://10.11.198.126:8083/callback
> clients.clients = $facebookClient,$twitterClient,$formClient,$
> basicAuthClient,$casClient,$vkClient,$saml2Client
>
> ############################################################
> ################
> # REALM & FILTERS :
> ############################################################
> ################
>
>
>
> clientsRealm = io.buji.pac4j.ClientRealm
> #clientsRealm = org.apache.zeppelin.realm.PamRealm
> clientsRealm.defaultRoles = ROLE_USER
> clientsRealm.clients = $clients
>
> clientsFilter = io.buji.pac4j.ClientFilter
> clientsFilter.clients = $clients
> clientsFilter.failureUrl = /error500.jsp
>
> sessionManager = org.apache.shiro.web.session.
> mgt.DefaultWebSessionManager
> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> securityManager.cacheManager = $cacheManager
>
> securityManager.sessionManager = $sessionManager
> securityManager.sessionManager.globalSessionTimeout = 86400000
>
>
>
> facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> facebookRoles.client = $facebookClient
> twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> twitterRoles.client = $twitterClient
> formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> formRoles.client = $formClient
> basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> basicAuthRoles.client = $basicAuthClient
> casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> casRoles.client = $casClient
> vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> vkRoles.client = $vkClient
> saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> saml2Roles.client = $saml2Client
>
> [roles]
> admin = *
>
>
> [urls]
> /facebook/** = facebookRoles[ROLE_USER]
> /twitter/** = twitterRoles[ROLE_USER]
> /form/** = formRoles[ROLE_USER]
> /basicauth/** = basicAuthRoles[ROLE_USER]
> /cas/** = casRoles[ROLE_USER]
> /vk/** = vkRoles[ROLE_USER]
> /saml/** = saml2Roles[ROLE_USER]
> /callback = clientsFilter
> /logout = logout
> /** = saml2Roles[ROLE_USER]
> /api/version = anon
> /api/interpreter/** = authc, roles[admin]
> /api/configurations/** = authc, roles[admin]
> /api/credential/** = authc, roles[admin]
>
>
> I am attaching the video file for the error coming.
>
> Thanks,
> Jaideep Singh
>