You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@zeppelin.apache.org by Jaideep Singh <ja...@gmail.com> on 2017/05/01 12:31:16 UTC

Zeppelin not loading the index page after redirection from IDP

Hello,

I am not able to load the zeppelin page after redirection from IDP. The
page loads with error 500.
I am using SAML based authentication for securing zeppelin home page URL.
Please find the shiro.ini file as follows:
[main]
############################################################################
# PROVIDERS :
############################################################################
subjectFactory = io.buji.pac4j.ClientSubjectFactory
securityManager.subjectFactory = $subjectFactory

facebookClient = org.pac4j.oauth.client.FacebookClient
facebookClient.key = 145278422258960
facebookClient.secret = be21409ba8f39b5dae2a7de525484da8

twitterClient = org.pac4j.oauth.client.TwitterClient
twitterClient.key = CoxUiYwQOSFDReZYdjigBA
twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs

simpleAuthenticator =
org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator

formClient = org.pac4j.http.client.indirect.FormClient
formClient.loginUrl = http://10.11.198.126:8083/loginForm.jsp
formClient.authenticator = $simpleAuthenticator

basicAuthClient = org.pac4j.http.client.indirect.IndirectBasicAuthClient
basicAuthClient.authenticator = $simpleAuthenticator

casClient = org.pac4j.cas.client.CasClient
casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
#casClient.gateway=true

vkClient = org.pac4j.oauth.client.VkClient
vkClient.key = 4224582
vkClient.secret = nDc4IHTqu8ioFMkHKifq

saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
saml2Config.keystorePath = samlKeystore.jks
saml2Config.keystorePassword = pac4j-demo-passwd
saml2Config.privateKeyPassword = pac4j-demo-passwd
saml2Config.identityProviderMetadataPath = metadata-okta.xml
saml2Config.maximumAuthenticationLifetime = 3600
saml2Config.serviceProviderEntityId = zeppelin
saml2Config.serviceProviderMetadataPath = sp-metadata.xml

saml2Client = org.pac4j.saml.client.SAML2Client
saml2Client.configuration = $saml2Config

clients = org.pac4j.core.client.Clients
clients.callbackUrl = http://10.11.198.126:8083/callback
clients.clients =
$facebookClient,$twitterClient,$formClient,$basicAuthClient,$casClient,$vkClient,$saml2Client

############################################################################
# REALM & FILTERS :
############################################################################



clientsRealm = io.buji.pac4j.ClientRealm
#clientsRealm = org.apache.zeppelin.realm.PamRealm
clientsRealm.defaultRoles = ROLE_USER
clientsRealm.clients = $clients

clientsFilter = io.buji.pac4j.ClientFilter
clientsFilter.clients = $clients
clientsFilter.failureUrl = /error500.jsp

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000



facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
facebookRoles.client = $facebookClient
twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
twitterRoles.client = $twitterClient
formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
formRoles.client = $formClient
basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
basicAuthRoles.client = $basicAuthClient
casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
casRoles.client = $casClient
vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
vkRoles.client = $vkClient
saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
saml2Roles.client = $saml2Client

[roles]
admin = *


[urls]
/facebook/** = facebookRoles[ROLE_USER]
/twitter/** = twitterRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/basicauth/** = basicAuthRoles[ROLE_USER]
/cas/** = casRoles[ROLE_USER]
/vk/** = vkRoles[ROLE_USER]
/saml/** = saml2Roles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = saml2Roles[ROLE_USER]
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]


I am attaching the video file for the error coming.

Thanks,
Jaideep Singh

Re: Zeppelin not loading the index page after redirection from IDP

Posted by Jaideep Singh <ja...@gmail.com>.

Hello Paul,

Thanks for your support, i am able to prototype it, as my shiro was not
updated, it resolved after updation to latest version.

Thanks,
Jaideep Singh

On Wednesday, May 3, 2017, Paul Brenner <pb...@placeiq.com> wrote:

> Unfortunately I haven't seen a ton of Shiro expertise on this list. Maybe
> someone will know the answer to your problem but my guess is that you are
> going to have to troubleshoot this by stripping out all that fancy
> complexity until you get a basic shiro.ini that works and then methodically
> add pieces back in until you see what is breaking. Once you know what is
> going on we would all appreciate your help adding to the documentation for
> using shiro with zeppelin.
>
> <http://www.placeiq.com/> <http://www.placeiq.com/>
> <http://www.placeiq.com/> Paul Brenner <https://twitter.com/placeiq>
> <https://twitter.com/placeiq> <https://twitter.com/placeiq>
> <https://www.facebook.com/PlaceIQ> <https://www.facebook.com/PlaceIQ>
> <https://www.linkedin.com/company/placeiq>
> <https://www.linkedin.com/company/placeiq>
> DATA SCIENTIST
> *(217) 390-3033 <(217)%20390-3033> *
>
> <http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/>
> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
> <http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
> <http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP>
> <http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/>
> <http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/>[image:
> PlaceIQ:Location Data Accuracy]
> <http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/>
>
>
> On Wed, May 03, 2017 at 8:36 AM Jaideep Singh <Jaideep Singh
> <javascript:_e(%7B%7D,'cvml','Jaideep%2BSingh%2B%5Cx3cjaideep333@gmail.com%5Cx3e');>>
> wrote:
>
>> Also attaching the screen shot for 2 JSession id which i got after
>> redirection.
>>
>> On Wed, May 3, 2017 at 5:18 PM, Jaideep Singh <jaideep333@gmail.com
>> <javascript:_e(%7B%7D,'cvml','jaideep333@gmail.com');>> wrote:
>>
>>> Hello,
>>>
>>> I have used saml based sso authentication on zeppelin url which is on
>>> localhost:8080. I am able to load the zeppelin page successfully if i
>>> disable the shiro.ini file. I have used sso authentication with wso2,
>>> configured in shiro.ini with metadata for idp and sp provided there.
>>> But after redirection from idp to zeppelin / url i am not able to load
>>> the page.
>>>
>>> Following are the assumption for problem occurence
>>> ***  Problem may be due to the websocket calls which are not initiating
>>> after redirection, but i can see it works if no authentication applied.
>>> ** *I am getting JSessionid after redirection from IDP. Is Zeppelin
>>> server also providing JSessionid which may cause conflicts?
>>>
>>> Plese help me to identify the problem.
>>>
>>> I am attaching the log file and shiro.ini.
>>>
>>> I have checked the log file the error i am getting is
>>>
>>>
>>> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.e.jetty.servlet.ServletHandler - chain=org.apache.zeppelin.serv
>>> er.CorsFilter-5ae50ce6->ShiroFilter->org.eclipse.jetty.
>>> servlet.DefaultServlet-69b2283a@5b910f06==org.eclipse.jetty.
>>> servlet.DefaultServlet,-1,true
>>> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.e.jetty.servlet.ServletHandler - call filter
>>> org.apache.zeppelin.server.CorsFilter-5ae50ce6
>>> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.e.jetty.servlet.ServletHandler - call filter ShiroFilter
>>> 17:01:05.403 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.a.shiro.mgt.DefaultSecurityManager - Resolved SubjectContext context
>>> session is invalid.  Ignoring and creating an anonymous (session-less)
>>> Subject instance.
>>> org.apache.shiro.session.UnknownSessionException: There is no session
>>> with id [804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]
>>> at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSess
>>> ion(AbstractSessionDAO.java:170) ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveS
>>> essionFromDataSource(DefaultSessionManager.java:236)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveS
>>> ession(DefaultSessionManager.java:222) ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.AbstractValidatingSessionManage
>>> r.doGetSession(AbstractValidatingSessionManager.java:118)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lo
>>> okupSession(AbstractNativeSessionManager.java:108)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.ge
>>> tSession(AbstractNativeSessionManager.java:100)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
>>> ~[shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSe
>>> ssion(DefaultSecurityManager.java:456) [shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(D
>>> efaultSecurityManager.java:442) [shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
>>> [shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
>>> [shiro-core-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
>>> [shiro-web-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubje
>>> ct(AbstractShiroFilter.java:292) [shiro-web-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInt
>>> ernal(AbstractShiroFilter.java:359) [shiro-web-1.2.3.jar:1.2.3]
>>> at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
>>> [shiro-web-1.2.3.jar:1.2.3]
>>> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>>> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.apache.zeppelin.server.CorsFilter.doFilter(CorsFilter.java:72)
>>> [classes/:na]
>>> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>>> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
>>> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
>>> [jetty-security-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
>>> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.ContextHandlerCollection.ha
>>> ndle(ContextHandlerCollection.java:215) [jetty-server-9.2.15.v20160210
>>> .jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.Server.handle(Server.java:499)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
>>> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
>>> [jetty-io-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
>>> [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
>>> [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
>>> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.a.s.s.mgt.DefaultSessionManager - Creating new EIS record for new
>>> session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.a.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie
>>> [JSESSIONID=1ba59f91-fe61-4153-b45d-4d1b4f813a05; Path=/; HttpOnly]
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.p.s.context.SAML2ContextProvider - Creating message storage by
>>> org.pac4j.saml.storage.EmptyStorageFactory
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.o.s.m.r.i.AbstractMetadataResolver - Metadata backing store does not
>>> contain any EntityDescriptors with the ID: zeppelin
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40a
>>> d-9db8-0492c9f1f134/api/security/ticket] DEBUG
>>> o.o.s.m.support.SAML2MetadataSupport - Selecting default IndexedEndpoint
>>>
>>>
>>> Thanks and Regards,
>>> Jaideep Singh
>>>
>>>
>>> On Tue, May 2, 2017 at 5:24 PM, Paul Brenner <pbrenner@placeiq.com
>>> <javascript:_e(%7B%7D,'cvml','pbrenner@placeiq.com');>> wrote:
>>>
>>>> That is an impressively complex Shira.ini!
>>>>
>>>> 500 sounds like something isn't loading correctly. Have you looked at
>>>> the logs in /car/log/zeppelin?
>>>>
>>>> <http://www.placeiq.com/> <http://www.placeiq.com/>
>>>> <http://www.placeiq.com/> Paul Brenner <https://twitter.com/placeiq>
>>>> <https://twitter.com/placeiq> <https://twitter.com/placeiq>
>>>> <https://www.facebook.com/PlaceIQ> <https://www.facebook.com/PlaceIQ>
>>>> <https://www.linkedin.com/company/placeiq>
>>>> <https://www.linkedin.com/company/placeiq>
>>>> DATA SCIENTIST
>>>> *(217) 390-3033 <(217)%20390-3033> *
>>>>
>>>> <http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/>
>>>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>>>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>>>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>>>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>>>> <http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>>>> <http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP>
>>>> <http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/>
>>>> <http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/>[image:
>>>> PlaceIQ:Location Data Accuracy]
>>>> <http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/>
>>>>
>>>>
>>>> On Tue, May 02, 2017 at 1:51 AM Jaideep Singh <Jaideep Singh
>>>> <javascript:_e(%7B%7D,'cvml','Jaideep%2BSingh%2B%5Cx3cjaideep333@gmail.com%5Cx3e');>>
>>>> wrote:
>>>>
>>>>> +users@zeppelin.incubator.apache.org
>>>>> <javascript:_e(%7B%7D,'cvml','users@zeppelin.incubator.apache.org');>
>>>>>
>>>>> On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh <jaideep333@gmail.com
>>>>> <javascript:_e(%7B%7D,'cvml','jaideep333@gmail.com');>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I am not able to load the zeppelin page after redirection from IDP.
>>>>>> The page loads with error 500.
>>>>>> I am using SAML based authentication for securing zeppelin home page
>>>>>> URL.
>>>>>> Please find the shiro.ini file as follows:
>>>>>> [main]
>>>>>> ############################################################
>>>>>> ################
>>>>>> # PROVIDERS :
>>>>>> ############################################################
>>>>>> ################
>>>>>> subjectFactory = io.buji.pac4j.ClientSubjectFactory
>>>>>> securityManager.subjectFactory = $subjectFactory
>>>>>>
>>>>>> facebookClient = org.pac4j.oauth.client.FacebookClient
>>>>>> facebookClient.key = 145278422258960
>>>>>> facebookClient.secret = be21409ba8f39b5dae2a7de525484da8
>>>>>>
>>>>>> twitterClient = org.pac4j.oauth.client.TwitterClient
>>>>>> twitterClient.key = CoxUiYwQOSFDReZYdjigBA
>>>>>> twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs
>>>>>>
>>>>>> simpleAuthenticator = org.pac4j.http.credentials.aut
>>>>>> henticator.test.SimpleTestUsernamePasswordAuthenticator
>>>>>>
>>>>>> formClient = org.pac4j.http.client.indirect.FormClient
>>>>>> formClient.loginUrl = http://10.11.198.126:8083/loginForm.jsp
>>>>>> formClient.authenticator = $simpleAuthenticator
>>>>>>
>>>>>> basicAuthClient = org.pac4j.http.client.indirect
>>>>>> .IndirectBasicAuthClient
>>>>>> basicAuthClient.authenticator = $simpleAuthenticator
>>>>>>
>>>>>> casClient = org.pac4j.cas.client.CasClient
>>>>>> casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
>>>>>> #casClient.gateway=true
>>>>>>
>>>>>> vkClient = org.pac4j.oauth.client.VkClient
>>>>>> vkClient.key = 4224582
>>>>>> vkClient.secret = nDc4IHTqu8ioFMkHKifq
>>>>>>
>>>>>> saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
>>>>>> saml2Config.keystorePath = samlKeystore.jks
>>>>>> saml2Config.keystorePassword = pac4j-demo-passwd
>>>>>> saml2Config.privateKeyPassword = pac4j-demo-passwd
>>>>>> saml2Config.identityProviderMetadataPath = metadata-okta.xml
>>>>>> saml2Config.maximumAuthenticationLifetime = 3600
>>>>>> saml2Config.serviceProviderEntityId = zeppelin
>>>>>> saml2Config.serviceProviderMetadataPath = sp-metadata.xml
>>>>>>
>>>>>> saml2Client = org.pac4j.saml.client.SAML2Client
>>>>>> saml2Client.configuration = $saml2Config
>>>>>>
>>>>>> clients = org.pac4j.core.client.Clients
>>>>>> clients.callbackUrl = http://10.11.198.126:8083/callback
>>>>>> clients.clients = $facebookClient,$twitterClient
>>>>>> ,$formClient,$basicAuthClient,$casClient,$vkClient,$saml2Client
>>>>>>
>>>>>> ############################################################
>>>>>> ################
>>>>>> # REALM & FILTERS :
>>>>>> ############################################################
>>>>>> ################
>>>>>>
>>>>>>
>>>>>>
>>>>>> clientsRealm = io.buji.pac4j.ClientRealm
>>>>>> #clientsRealm = org.apache.zeppelin.realm.PamRealm
>>>>>> clientsRealm.defaultRoles = ROLE_USER
>>>>>> clientsRealm.clients = $clients
>>>>>>
>>>>>> clientsFilter = io.buji.pac4j.ClientFilter
>>>>>> clientsFilter.clients = $clients
>>>>>> clientsFilter.failureUrl = /error500.jsp
>>>>>>
>>>>>> sessionManager = org.apache.shiro.web.session.m
>>>>>> gt.DefaultWebSessionManager
>>>>>> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>>>>>> securityManager.cacheManager = $cacheManager
>>>>>>
>>>>>> securityManager.sessionManager = $sessionManager
>>>>>> securityManager.sessionManager.globalSessionTimeout = 86400000
>>>>>>
>>>>>>
>>>>>>
>>>>>> facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> facebookRoles.client = $facebookClient
>>>>>> twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> twitterRoles.client = $twitterClient
>>>>>> formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> formRoles.client = $formClient
>>>>>> basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> basicAuthRoles.client = $basicAuthClient
>>>>>> casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> casRoles.client = $casClient
>>>>>> vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> vkRoles.client = $vkClient
>>>>>> saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> saml2Roles.client = $saml2Client
>>>>>>
>>>>>> [roles]
>>>>>> admin = *
>>>>>>
>>>>>>
>>>>>> [urls]
>>>>>> /facebook/** = facebookRoles[ROLE_USER]
>>>>>> /twitter/** = twitterRoles[ROLE_USER]
>>>>>> /form/** = formRoles[ROLE_USER]
>>>>>> /basicauth/** = basicAuthRoles[ROLE_USER]
>>>>>> /cas/** = casRoles[ROLE_USER]
>>>>>> /vk/** = vkRoles[ROLE_USER]
>>>>>> /saml/** = saml2Roles[ROLE_USER]
>>>>>> /callback = clientsFilter
>>>>>> /logout = logout
>>>>>> /** = saml2Roles[ROLE_USER]
>>>>>> /api/version = anon
>>>>>> /api/interpreter/** = authc, roles[admin]
>>>>>> /api/configurations/** = authc, roles[admin]
>>>>>> /api/credential/** = authc, roles[admin]
>>>>>>
>>>>>>
>>>>>> I am attaching the video file for the error coming.
>>>>>>
>>>>>> Thanks,
>>>>>> Jaideep Singh
>>>>>>
>>>>>
>>>>>
>>>
>
>
>

Re: Zeppelin not loading the index page after redirection from IDP

Posted by Paul Brenner <pb...@placeiq.com>.

Unfortunately I haven't seen a ton of Shiro expertise on this list. Maybe someone will know the answer to your problem but my guess is that you are going to have to troubleshoot this by stripping out all that fancy complexity until you get a basic shiro.ini that works and then methodically add pieces back in until you see what is breaking. Once you know what is going on we would all appreciate your help adding to the documentation for using shiro with zeppelin. 

http://www.placeiq.com/ http://www.placeiq.com/ http://www.placeiq.com/

Paul Brenner

https://twitter.com/placeiq https://twitter.com/placeiq https://twitter.com/placeiq
https://www.facebook.com/PlaceIQ https://www.facebook.com/PlaceIQ
https://www.linkedin.com/company/placeiq https://www.linkedin.com/company/placeiq

DATA SCIENTIST

tel:(217)%20390-3033
 

 

http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/ http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/ http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/

On Wed, May 03, 2017 at 8:36 AM Jaideep Singh

<
mailto:Jaideep Singh <ja...@gmail.com>
> wrote:

a, pre, code, a:link, body { word-wrap: break-word !important; }

Also attaching the screen shot for 2 JSession id which i got after redirection.

On Wed, May 3, 2017 at 5:18 PM, Jaideep Singh

<
mailto:jaideep333@gmail.com
>

wrote:

Hello,

I have used saml based sso authentication on zeppelin url which is on localhost:8080. I am able to load the zeppelin page successfully if i disable the shiro.ini file. I have used sso authentication with wso2, configured in shiro.ini with metadata for idp and sp provided there. 

But after redirection from idp to zeppelin / url i am not able to load the page.

Following are the assumption for problem occurence

*

  Problem may be due to the websocket calls which are not initiating after redirection, but i can see it works if no authentication applied.

* 

I am getting JSessionid after redirection from IDP. Is Zeppelin server also providing JSessionid which may cause conflicts?

Plese help me to identify the problem.

 

I am attaching the log file and shiro.ini

. 

I have checked the log file the error i am getting is 

17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-

40ad-9db8-0492c9f1f134/api/

security/ticket] DEBUG o.e.jetty.servlet.

ServletHandler - chain=org.apache.zeppelin.

server.CorsFilter-5ae50ce6->

ShiroFilter->org.eclipse.

jetty.servlet.DefaultServlet-

69b2283a@5b910f06==org.

eclipse.jetty.servlet.

DefaultServlet,-1,true

17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-

40ad-9db8-0492c9f1f134/api/

security/ticket] DEBUG o.e.jetty.servlet.

ServletHandler - call filter org.apache.zeppelin.server.

CorsFilter-5ae50ce6

17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-

40ad-9db8-0492c9f1f134/api/

security/ticket] DEBUG o.e.jetty.servlet.

ServletHandler - call filter ShiroFilter

17:01:05.403 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-

40ad-9db8-0492c9f1f134/api/

security/ticket] DEBUG o.a.shiro.mgt.

DefaultSecurityManager - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.

org.apache.shiro.session.

UnknownSessionException: There is no session with id [804affc8-ea2c-40ad-9db8-

0492c9f1f134/api/security/

ticket]

at org.apache.shiro.session.mgt.

eis.AbstractSessionDAO.

readSession(

AbstractSessionDAO.java:170) ~[shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.session.mgt.

DefaultSessionManager.

retrieveSessionFromDataSource(

DefaultSessionManager.java:

236) ~[shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.session.mgt.

DefaultSessionManager.

retrieveSession(

DefaultSessionManager.java:

222) ~[shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.session.mgt.

AbstractValidatingSessionManag

er.doGetSession(

AbstractValidatingSessionManag

er.java:118) ~[shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.session.mgt.

AbstractNativeSessionManager.

lookupSession(

AbstractNativeSessionManager.

java:108) ~[shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.session.mgt.

AbstractNativeSessionManager.

getSession(

AbstractNativeSessionManager.

java:100) ~[shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.mgt.

SessionsSecurityManager.

getSession(

SessionsSecurityManager.java:

125) ~[shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.mgt.

DefaultSecurityManager.

resolveContextSession(

DefaultSecurityManager.java:

456) [shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.mgt.

DefaultSecurityManager.

resolveSession(

DefaultSecurityManager.java:

442) [shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.mgt.

DefaultSecurityManager.

createSubject(

DefaultSecurityManager.java:

338) [shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.subject.

Subject$Builder.buildSubject(

Subject.java:846) [shiro-core-1.2.3.jar:1.2.3]

at org.apache.shiro.web.subject.

WebSubject$Builder.

buildWebSubject(WebSubject.

java:148) [shiro-web-1.2.3.jar:1.2.3]

at org.apache.shiro.web.servlet.

AbstractShiroFilter.

createSubject(

AbstractShiroFilter.java:292) [shiro-web-1.2.3.jar:1.2.3]

at org.apache.shiro.web.servlet.

AbstractShiroFilter.

doFilterInternal(

AbstractShiroFilter.java:359) [shiro-web-1.2.3.jar:1.2.3]

at org.apache.shiro.web.servlet.

OncePerRequestFilter.doFilter(

OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]

at org.eclipse.jetty.servlet.

ServletHandler$CachedChain.

doFilter(ServletHandler.java:

1652) [jetty-servlet-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.apache.zeppelin.server.

CorsFilter.doFilter(

CorsFilter.java:72) [classes/:na]

at org.eclipse.jetty.servlet.

ServletHandler$CachedChain.

doFilter(ServletHandler.java:

1652) [jetty-servlet-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.servlet.

ServletHandler.doHandle(

ServletHandler.java:585) [jetty-servlet-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

handler.ScopedHandler.handle(

ScopedHandler.java:143) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.security.

SecurityHandler.handle(

SecurityHandler.java:577) [jetty-security-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

session.SessionHandler.

doHandle(SessionHandler.java:

223) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

handler.ContextHandler.

doHandle(ContextHandler.java:

1127) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.servlet.

ServletHandler.doScope(

ServletHandler.java:515) [jetty-servlet-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

session.SessionHandler.

doScope(SessionHandler.java:

185) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

handler.ContextHandler.

doScope(ContextHandler.java:

1061) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

handler.ScopedHandler.handle(

ScopedHandler.java:141) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

handler.

ContextHandlerCollection.

handle(

ContextHandlerCollection.java:

215) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

handler.HandlerWrapper.handle(

HandlerWrapper.java:97) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

Server.handle(Server.java:499) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

HttpChannel.handle(

HttpChannel.java:311) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at org.eclipse.jetty.server.

HttpConnection.onFillable(

HttpConnection.java:257) [jetty-server-9.2.15.

v20160210.jar:9.2.15.

v20160210]

at
http://org.eclipse.jetty.io
.

AbstractConnection$2.run(

AbstractConnection.java:544) [jetty-io-9.2.15.v20160210.

jar:9.2.15.v20160210]

at org.eclipse.jetty.util.thread.

QueuedThreadPool.runJob(

QueuedThreadPool.java:635) [jetty-util-9.2.15.v20160210.

jar:9.2.15.v20160210]

at org.eclipse.jetty.util.thread.

QueuedThreadPool$3.run(

QueuedThreadPool.java:555) [jetty-util-9.2.15.v20160210.

jar:9.2.15.v20160210]

at java.lang.Thread.run(Thread.

java:745) [na:1.8.0_121]

17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-

40ad-9db8-0492c9f1f134/api/

security/ticket] DEBUG o.a.s.s.mgt.

DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.

SimpleSession,id=null]

17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-

40ad-9db8-0492c9f1f134/api/

security/ticket] DEBUG o.a.shiro.web.servlet.

SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=1ba59f91-fe61-

4153-b45d-4d1b4f813a05; Path=/; HttpOnly]

17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-

40ad-9db8-0492c9f1f134/api/

security/ticket] DEBUG o.p.s.context.

SAML2ContextProvider - Creating message storage by org.pac4j.saml.storage.

EmptyStorageFactory

17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-

40ad-9db8-0492c9f1f134/api/

security/ticket] DEBUG o.o.s.m.r.i.

AbstractMetadataResolver - Metadata backing store does not contain any EntityDescriptors with the ID: zeppelin

17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-

40ad-9db8-0492c9f1f134/api/

security/ticket] DEBUG o.o.s.m.support.

SAML2MetadataSupport - Selecting default IndexedEndpoint

Thanks and Regards,

Jaideep Singh

On Tue, May 2, 2017 at 5:24 PM, Paul Brenner

<
mailto:pbrenner@placeiq.com
>

wrote:

That is an impressively complex Shira.ini!

500 sounds like something isn't loading correctly. Have you looked at the logs in /car/log/zeppelin?

http://www.placeiq.com/ http://www.placeiq.com/ http://www.placeiq.com/

Paul Brenner

https://twitter.com/placeiq https://twitter.com/placeiq https://twitter.com/placeiq
https://www.facebook.com/PlaceIQ https://www.facebook.com/PlaceIQ
https://www.linkedin.com/company/placeiq https://www.linkedin.com/company/placeiq

DATA SCIENTIST

tel:(217)%20390-3033
 

 

http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/ http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/ http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/ http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/ http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/

On Tue, May 02, 2017 at 1:51 AM Jaideep Singh

<
mailto:Jaideep+Singh+%3Cjaideep333@gmail.com%3E
> wrote:

+
mailto:users@zeppelin.incubator.apache.org

On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh

<
mailto:jaideep333@gmail.com
>

wrote:

Hello,

I am not able to load the zeppelin page after redirection from IDP. The page loads with error 500.

I am using SAML based authentication for securing zeppelin home page URL.

Please find the shiro.ini file as follows:

[main]

##############################

##############################

################

# PROVIDERS :

##############################

##############################

################

subjectFactory = io.buji.pac4j.ClientSubjectFac

tory

securityManager.subjectFactory = $subjectFactory

facebookClient = org.pac4j.oauth.client.Faceboo

kClient

facebookClient.key = 145278422258960

facebookClient.secret = be21409ba8f39b5dae2a7de525484d

a8

twitterClient = org.pac4j.oauth.client.Twitter

Client

twitterClient.key = CoxUiYwQOSFDReZYdjigBA

twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1V

zbOOzE8rBofs

simpleAuthenticator = org.pac4j.http.credentials.aut

henticator.test.SimpleTestUser

namePasswordAuthenticator

formClient = org.pac4j.http.client.indirect

.FormClient

formClient.loginUrl =
http://10.11.198.126:8083/loginForm.jsp

formClient.authenticator = $simpleAuthenticator

basicAuthClient = org.pac4j.http.client.indirect

.IndirectBasicAuthClient

basicAuthClient.authenticator = $simpleAuthenticator

casClient = org.pac4j.cas.client.CasClient

casClient.casLoginUrl =
https://casserverpac4j.herokuapp.com

#casClient.gateway=true

vkClient = org.pac4j.oauth.client.VkClien

t

vkClient.key = 4224582

vkClient.secret = nDc4IHTqu8ioFMkHKifq

saml2Config = org.pac4j.saml.client.SAML2Cli

entConfiguration

saml2Config.keystorePath = samlKeystore.jks

saml2Config.keystorePassword = pac4j-demo-passwd

saml2Config.privateKeyPassword = pac4j-demo-passwd

saml2Config.identityProviderMe

tadataPath = metadata-okta.xml

saml2Config.maximumAuthenticat

ionLifetime = 3600

saml2Config.serviceProviderEnt

ityId = zeppelin

saml2Config.serviceProviderMet

adataPath = sp-metadata.xml

saml2Client = org.pac4j.saml.client.SAML2Cli

ent

saml2Client.configuration = $saml2Config

clients = org.pac4j.core.client.Clients

clients.callbackUrl =
http://10.11.198.126:8083/callback

clients.clients = $facebookClient,$twitterClient

,$formClient,$basicAuthClient,

$casClient,$vkClient,$saml2Cli

ent

##############################

##############################

################

# REALM & FILTERS :

##############################

##############################

################

clientsRealm = io.buji.pac4j.ClientRealm

#clientsRealm = org.apache.zeppelin.realm.PamR

ealm

clientsRealm.defaultRoles = ROLE_USER

clientsRealm.clients = $clients

clientsFilter = io.buji.pac4j.ClientFilter

clientsFilter.clients = $clients

clientsFilter.failureUrl = /error500.jsp

sessionManager = org.apache.shiro.web.session.m

gt.DefaultWebSessionManager 

cacheManager = org.apache.shiro.cache.MemoryC

onstrainedCacheManager 

securityManager.cacheManager = $cacheManager 

securityManager.sessionManager = $sessionManager 

securityManager.sessionManager

.globalSessionTimeout = 86400000

facebookRoles = io.buji.pac4j.filter.ClientRol

esAuthorizationFilter

facebookRoles.client = $facebookClient

twitterRoles = io.buji.pac4j.filter.ClientRol

esAuthorizationFilter

twitterRoles.client = $twitterClient

formRoles = io.buji.pac4j.filter.ClientRol

esAuthorizationFilter

formRoles.client = $formClient

basicAuthRoles = io.buji.pac4j.filter.ClientRol

esAuthorizationFilter

basicAuthRoles.client = $basicAuthClient

casRoles = io.buji.pac4j.filter.ClientRol

esAuthorizationFilter

casRoles.client = $casClient

vkRoles = io.buji.pac4j.filter.ClientRol

esAuthorizationFilter

vkRoles.client = $vkClient

saml2Roles = io.buji.pac4j.filter.ClientRol

esAuthorizationFilter

saml2Roles.client = $saml2Client

[roles]

admin = *

[urls]

/facebook/** = facebookRoles[ROLE_USER]

/twitter/** = twitterRoles[ROLE_USER]

/form/** = formRoles[ROLE_USER]

/basicauth/** = basicAuthRoles[ROLE_USER]

/cas/** = casRoles[ROLE_USER]

/vk/** = vkRoles[ROLE_USER]

/saml/** = saml2Roles[ROLE_USER]

/callback = clientsFilter

/logout = logout

/** = saml2Roles[ROLE_USER]

/api/version = anon

/api/interpreter/** = authc, roles[admin]

/api/configurations/** = authc, roles[admin]

/api/credential/** = authc, roles[admin]

I am attaching the video file for the error coming.

Thanks,

Jaideep Singh

Re: Zeppelin not loading the index page after redirection from IDP

Posted by Jaideep Singh <ja...@gmail.com>.

Also attaching the screen shot for 2 JSession id which i got after
redirection.

On Wed, May 3, 2017 at 5:18 PM, Jaideep Singh <ja...@gmail.com> wrote:

> Hello,
>
> I have used saml based sso authentication on zeppelin url which is on
> localhost:8080. I am able to load the zeppelin page successfully if i
> disable the shiro.ini file. I have used sso authentication with wso2,
> configured in shiro.ini with metadata for idp and sp provided there.
> But after redirection from idp to zeppelin / url i am not able to load the
> page.
>
> Following are the assumption for problem occurence
> ***  Problem may be due to the websocket calls which are not initiating
> after redirection, but i can see it works if no authentication applied.
> ** *I am getting JSessionid after redirection from IDP. Is Zeppelin
> server also providing JSessionid which may cause conflicts?
>
> Plese help me to identify the problem.
>
> I am attaching the log file and shiro.ini.
>
> I have checked the log file the error i am getting is
>
>
> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler
> - chain=org.apache.zeppelin.server.CorsFilter-5ae50ce6->
> ShiroFilter->org.eclipse.jetty.servlet.DefaultServlet-69b2283a@5b910f06
> ==org.eclipse.jetty.servlet.DefaultServlet,-1,true
> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler
> - call filter org.apache.zeppelin.server.CorsFilter-5ae50ce6
> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler
> - call filter ShiroFilter
> 17:01:05.403 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.mgt.DefaultSecurityManager
> - Resolved SubjectContext context session is invalid.  Ignoring and
> creating an anonymous (session-less) Subject instance.
> org.apache.shiro.session.UnknownSessionException: There is no session
> with id [804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]
> at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
> ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.DefaultSessionManager.
> retrieveSessionFromDataSource(DefaultSessionManager.java:236)
> ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(
> DefaultSessionManager.java:222) ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.AbstractValidatingSessionManag
> er.doGetSession(AbstractValidatingSessionManager.java:118)
> ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.
> lookupSession(AbstractNativeSessionManager.java:108)
> ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(
> AbstractNativeSessionManager.java:100) ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.mgt.SessionsSecurityManager.getSession(
> SessionsSecurityManager.java:125) ~[shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(
> DefaultSecurityManager.java:456) [shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(
> DefaultSecurityManager.java:442) [shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(
> DefaultSecurityManager.java:338) [shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
> [shiro-core-1.2.3.jar:1.2.3]
> at org.apache.shiro.web.subject.WebSubject$Builder.
> buildWebSubject(WebSubject.java:148) [shiro-web-1.2.3.jar:1.2.3]
> at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
> [shiro-web-1.2.3.jar:1.2.3]
> at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
> [shiro-web-1.2.3.jar:1.2.3]
> at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> [shiro-web-1.2.3.jar:1.2.3]
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.
> doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.apache.zeppelin.server.CorsFilter.doFilter(CorsFilter.java:72)
> [classes/:na]
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.
> doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
> [jetty-security-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.session.SessionHandler.
> doHandle(SessionHandler.java:223) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ContextHandler.
> doHandle(ContextHandler.java:1127) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
> [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.session.SessionHandler.
> doScope(SessionHandler.java:185) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ContextHandler.
> doScope(ContextHandler.java:1061) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(
> ContextHandlerCollection.java:215) [jetty-server-9.2.15.
> v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.Server.handle(Server.java:499)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
> [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
> [jetty-io-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
> [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
> [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.s.s.mgt.DefaultSessionManager
> - Creating new EIS record for new session instance
> [org.apache.shiro.session.mgt.SimpleSession,id=null]
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.web.servlet.SimpleCookie
> - Added HttpServletResponse Cookie [JSESSIONID=1ba59f91-fe61-4153-b45d-4d1b4f813a05;
> Path=/; HttpOnly]
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.p.s.context.SAML2ContextProvider
> - Creating message storage by org.pac4j.saml.storage.EmptyStorageFactory
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.r.i.AbstractMetadataResolver
> - Metadata backing store does not contain any EntityDescriptors with the
> ID: zeppelin
> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-
> 40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.support.SAML2MetadataSupport
> - Selecting default IndexedEndpoint
>
>
> Thanks and Regards,
> Jaideep Singh
>
>
> On Tue, May 2, 2017 at 5:24 PM, Paul Brenner <pb...@placeiq.com> wrote:
>
>> That is an impressively complex Shira.ini!
>>
>> 500 sounds like something isn't loading correctly. Have you looked at the
>> logs in /car/log/zeppelin?
>>
>> <http://www.placeiq.com/> <http://www.placeiq.com/>
>> <http://www.placeiq.com/> Paul Brenner <https://twitter.com/placeiq>
>> <https://twitter.com/placeiq> <https://twitter.com/placeiq>
>> <https://www.facebook.com/PlaceIQ> <https://www.facebook.com/PlaceIQ>
>> <https://www.linkedin.com/company/placeiq>
>> <https://www.linkedin.com/company/placeiq>
>> DATA SCIENTIST
>> *(217) 390-3033 <(217)%20390-3033> *
>>
>> <http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/>
>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>> <http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/>
>> <http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/>
>> <http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP>
>> <http://placeiq.com/2016/08/03/placeiq-bolsters-location-intelligence-platform-with-mastercard-insights/>
>> <http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/>[image:
>> PlaceIQ:Location Data Accuracy]
>> <http://placeiq.com/2016/12/07/placeiq-introduces-landmark-a-groundbreaking-offering-that-delivers-access-to-the-highest-quality-location-data-for-insights-that-fuel-limitless-business-decisions/>
>>
>>
>> On Tue, May 02, 2017 at 1:51 AM Jaideep Singh <Jaideep Singh
>> <Jaideep+Singh+%3Cjaideep333@gmail.com%3E>> wrote:
>>
>>> +users@zeppelin.incubator.apache.org
>>>
>>> On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh <ja...@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I am not able to load the zeppelin page after redirection from IDP. The
>>>> page loads with error 500.
>>>> I am using SAML based authentication for securing zeppelin home page
>>>> URL.
>>>> Please find the shiro.ini file as follows:
>>>> [main]
>>>> ############################################################
>>>> ################
>>>> # PROVIDERS :
>>>> ############################################################
>>>> ################
>>>> subjectFactory = io.buji.pac4j.ClientSubjectFactory
>>>> securityManager.subjectFactory = $subjectFactory
>>>>
>>>> facebookClient = org.pac4j.oauth.client.FacebookClient
>>>> facebookClient.key = 145278422258960
>>>> facebookClient.secret = be21409ba8f39b5dae2a7de525484da8
>>>>
>>>> twitterClient = org.pac4j.oauth.client.TwitterClient
>>>> twitterClient.key = CoxUiYwQOSFDReZYdjigBA
>>>> twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs
>>>>
>>>> simpleAuthenticator = org.pac4j.http.credentials.aut
>>>> henticator.test.SimpleTestUsernamePasswordAuthenticator
>>>>
>>>> formClient = org.pac4j.http.client.indirect.FormClient
>>>> formClient.loginUrl = http://10.11.198.126:8083/loginForm.jsp
>>>> formClient.authenticator = $simpleAuthenticator
>>>>
>>>> basicAuthClient = org.pac4j.http.client.indirect
>>>> .IndirectBasicAuthClient
>>>> basicAuthClient.authenticator = $simpleAuthenticator
>>>>
>>>> casClient = org.pac4j.cas.client.CasClient
>>>> casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
>>>> #casClient.gateway=true
>>>>
>>>> vkClient = org.pac4j.oauth.client.VkClient
>>>> vkClient.key = 4224582
>>>> vkClient.secret = nDc4IHTqu8ioFMkHKifq
>>>>
>>>> saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
>>>> saml2Config.keystorePath = samlKeystore.jks
>>>> saml2Config.keystorePassword = pac4j-demo-passwd
>>>> saml2Config.privateKeyPassword = pac4j-demo-passwd
>>>> saml2Config.identityProviderMetadataPath = metadata-okta.xml
>>>> saml2Config.maximumAuthenticationLifetime = 3600
>>>> saml2Config.serviceProviderEntityId = zeppelin
>>>> saml2Config.serviceProviderMetadataPath = sp-metadata.xml
>>>>
>>>> saml2Client = org.pac4j.saml.client.SAML2Client
>>>> saml2Client.configuration = $saml2Config
>>>>
>>>> clients = org.pac4j.core.client.Clients
>>>> clients.callbackUrl = http://10.11.198.126:8083/callback
>>>> clients.clients = $facebookClient,$twitterClient
>>>> ,$formClient,$basicAuthClient,$casClient,$vkClient,$saml2Client
>>>>
>>>> ############################################################
>>>> ################
>>>> # REALM & FILTERS :
>>>> ############################################################
>>>> ################
>>>>
>>>>
>>>>
>>>> clientsRealm = io.buji.pac4j.ClientRealm
>>>> #clientsRealm = org.apache.zeppelin.realm.PamRealm
>>>> clientsRealm.defaultRoles = ROLE_USER
>>>> clientsRealm.clients = $clients
>>>>
>>>> clientsFilter = io.buji.pac4j.ClientFilter
>>>> clientsFilter.clients = $clients
>>>> clientsFilter.failureUrl = /error500.jsp
>>>>
>>>> sessionManager = org.apache.shiro.web.session.m
>>>> gt.DefaultWebSessionManager
>>>> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>>>> securityManager.cacheManager = $cacheManager
>>>>
>>>> securityManager.sessionManager = $sessionManager
>>>> securityManager.sessionManager.globalSessionTimeout = 86400000
>>>>
>>>>
>>>>
>>>> facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> facebookRoles.client = $facebookClient
>>>> twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> twitterRoles.client = $twitterClient
>>>> formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> formRoles.client = $formClient
>>>> basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> basicAuthRoles.client = $basicAuthClient
>>>> casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> casRoles.client = $casClient
>>>> vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> vkRoles.client = $vkClient
>>>> saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>> saml2Roles.client = $saml2Client
>>>>
>>>> [roles]
>>>> admin = *
>>>>
>>>>
>>>> [urls]
>>>> /facebook/** = facebookRoles[ROLE_USER]
>>>> /twitter/** = twitterRoles[ROLE_USER]
>>>> /form/** = formRoles[ROLE_USER]
>>>> /basicauth/** = basicAuthRoles[ROLE_USER]
>>>> /cas/** = casRoles[ROLE_USER]
>>>> /vk/** = vkRoles[ROLE_USER]
>>>> /saml/** = saml2Roles[ROLE_USER]
>>>> /callback = clientsFilter
>>>> /logout = logout
>>>> /** = saml2Roles[ROLE_USER]
>>>> /api/version = anon
>>>> /api/interpreter/** = authc, roles[admin]
>>>> /api/configurations/** = authc, roles[admin]
>>>> /api/credential/** = authc, roles[admin]
>>>>
>>>>
>>>> I am attaching the video file for the error coming.
>>>>
>>>> Thanks,
>>>> Jaideep Singh
>>>>
>>>
>>>
>>
>

Re: Zeppelin not loading the index page after redirection from IDP

Posted by Jaideep Singh <ja...@gmail.com>.

+users@zeppelin.incubator.apache.org

On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh <ja...@gmail.com> wrote:

> Hello,
>
> I am not able to load the zeppelin page after redirection from IDP. The
> page loads with error 500.
> I am using SAML based authentication for securing zeppelin home page URL.
> Please find the shiro.ini file as follows:
> [main]
> ############################################################
> ################
> # PROVIDERS :
> ############################################################
> ################
> subjectFactory = io.buji.pac4j.ClientSubjectFactory
> securityManager.subjectFactory = $subjectFactory
>
> facebookClient = org.pac4j.oauth.client.FacebookClient
> facebookClient.key = 145278422258960
> facebookClient.secret = be21409ba8f39b5dae2a7de525484da8
>
> twitterClient = org.pac4j.oauth.client.TwitterClient
> twitterClient.key = CoxUiYwQOSFDReZYdjigBA
> twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs
>
> simpleAuthenticator = org.pac4j.http.credentials.authenticator.test.
> SimpleTestUsernamePasswordAuthenticator
>
> formClient = org.pac4j.http.client.indirect.FormClient
> formClient.loginUrl = http://10.11.198.126:8083/loginForm.jsp
> formClient.authenticator = $simpleAuthenticator
>
> basicAuthClient = org.pac4j.http.client.indirect.IndirectBasicAuthClient
> basicAuthClient.authenticator = $simpleAuthenticator
>
> casClient = org.pac4j.cas.client.CasClient
> casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
> #casClient.gateway=true
>
> vkClient = org.pac4j.oauth.client.VkClient
> vkClient.key = 4224582
> vkClient.secret = nDc4IHTqu8ioFMkHKifq
>
> saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
> saml2Config.keystorePath = samlKeystore.jks
> saml2Config.keystorePassword = pac4j-demo-passwd
> saml2Config.privateKeyPassword = pac4j-demo-passwd
> saml2Config.identityProviderMetadataPath = metadata-okta.xml
> saml2Config.maximumAuthenticationLifetime = 3600
> saml2Config.serviceProviderEntityId = zeppelin
> saml2Config.serviceProviderMetadataPath = sp-metadata.xml
>
> saml2Client = org.pac4j.saml.client.SAML2Client
> saml2Client.configuration = $saml2Config
>
> clients = org.pac4j.core.client.Clients
> clients.callbackUrl = http://10.11.198.126:8083/callback
> clients.clients = $facebookClient,$twitterClient,$formClient,$
> basicAuthClient,$casClient,$vkClient,$saml2Client
>
> ############################################################
> ################
> # REALM & FILTERS :
> ############################################################
> ################
>
>
>
> clientsRealm = io.buji.pac4j.ClientRealm
> #clientsRealm = org.apache.zeppelin.realm.PamRealm
> clientsRealm.defaultRoles = ROLE_USER
> clientsRealm.clients = $clients
>
> clientsFilter = io.buji.pac4j.ClientFilter
> clientsFilter.clients = $clients
> clientsFilter.failureUrl = /error500.jsp
>
> sessionManager = org.apache.shiro.web.session.
> mgt.DefaultWebSessionManager
> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> securityManager.cacheManager = $cacheManager
>
> securityManager.sessionManager = $sessionManager
> securityManager.sessionManager.globalSessionTimeout = 86400000
>
>
>
> facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> facebookRoles.client = $facebookClient
> twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> twitterRoles.client = $twitterClient
> formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> formRoles.client = $formClient
> basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> basicAuthRoles.client = $basicAuthClient
> casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> casRoles.client = $casClient
> vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> vkRoles.client = $vkClient
> saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
> saml2Roles.client = $saml2Client
>
> [roles]
> admin = *
>
>
> [urls]
> /facebook/** = facebookRoles[ROLE_USER]
> /twitter/** = twitterRoles[ROLE_USER]
> /form/** = formRoles[ROLE_USER]
> /basicauth/** = basicAuthRoles[ROLE_USER]
> /cas/** = casRoles[ROLE_USER]
> /vk/** = vkRoles[ROLE_USER]
> /saml/** = saml2Roles[ROLE_USER]
> /callback = clientsFilter
> /logout = logout
> /** = saml2Roles[ROLE_USER]
> /api/version = anon
> /api/interpreter/** = authc, roles[admin]
> /api/configurations/** = authc, roles[admin]
> /api/credential/** = authc, roles[admin]
>
>
> I am attaching the video file for the error coming.
>
> Thanks,
> Jaideep Singh
>