nginx

[Vijay Srinivasaraghavan <vi...@yahoo.com>]

Hello,
I have configured nginx to front load the authentication (basic) to Zeppelin UI. With that, I am able to see the login dialog and it allows access to Zeppelin only after entering valid credentials. However, I believe the user/principal is not propopaged to AuthenticationInfo component and it is still treating the logged in user as "anonymous". 
Question: Is any one using nginx for authentication (instead of Shiro)? Do we need to perform any additional steps apart from the one that is documented?https://github.com/apache/incubator-zeppelin/blob/master/docs/security/authentication.md


RegardsVijay

Re: nginx

[Jeff Steinmetz <je...@gmail.com>]

We do use nginx, but nginx auth only (not zeppelin+shiro).

The nginx user will be the only authentication that takes place - it doesn’t pass anything to zeppelin (zeppelin is unaware of basic auth via nginx as far as I know).  
You are correct, that you can leave zeppelin setup for basic anonymous usage.
I believe you would need to enable shiro authentication if you want zeppelin to manage and be aware of the logged in user (which forgoes the need to use nginx auth, although you could still use nginx for ssl proxy).
Zeppelin can manage ssl as well if you want to bypass nginx all together.

Jeff Steinmetz




On 5/3/16, 1:56 PM, "Vijay Srinivasaraghavan" <vi...@yahoo.com.INVALID> wrote:

>Hello,
>I have configured nginx to front load the authentication (basic) to Zeppelin UI. With that, I am able to see the login dialog and it allows access to Zeppelin only after entering valid credentials. However, I believe the user/principal is not propopaged to AuthenticationInfo component and it is still treating the logged in user as "anonymous". 
>Question: Is any one using nginx for authentication (instead of Shiro)? Do we need to perform any additional steps apart from the one that is documented?https://github.com/apache/incubator-zeppelin/blob/master/docs/security/authentication.md
>
>
>RegardsVijay

Re: nginx

[Jeff Steinmetz <je...@gmail.com>]

We do use nginx, but nginx auth only (not zeppelin+shiro).

The nginx user will be the only authentication that takes place - it doesn’t pass anything to zeppelin (zeppelin is unaware of basic auth via nginx as far as I know).  
You are correct, that you can leave zeppelin setup for basic anonymous usage.
I believe you would need to enable shiro authentication if you want zeppelin to manage and be aware of the logged in user (which forgoes the need to use nginx auth, although you could still use nginx for ssl proxy).
Zeppelin can manage ssl as well if you want to bypass nginx all together.

Jeff Steinmetz




On 5/3/16, 1:56 PM, "Vijay Srinivasaraghavan" <vi...@yahoo.com.INVALID> wrote:

>Hello,
>I have configured nginx to front load the authentication (basic) to Zeppelin UI. With that, I am able to see the login dialog and it allows access to Zeppelin only after entering valid credentials. However, I believe the user/principal is not propopaged to AuthenticationInfo component and it is still treating the logged in user as "anonymous". 
>Question: Is any one using nginx for authentication (instead of Shiro)? Do we need to perform any additional steps apart from the one that is documented?https://github.com/apache/incubator-zeppelin/blob/master/docs/security/authentication.md
>
>
>RegardsVijay