You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Arpan Rajani (JIRA)" <ji...@apache.org> on 2016/08/16 10:14:20 UTC
[jira] [Created] (KNOX-735) Knox doesn't work with ldaps protocol
Arpan Rajani created KNOX-735:
---------------------------------
Summary: Knox doesn't work with ldaps protocol
Key: KNOX-735
URL: https://issues.apache.org/jira/browse/KNOX-735
Project: Apache Knox
Issue Type: Bug
Components: ClientDSL, Site
Affects Versions: 0.6.0
Environment: RHEL : Oracle Linux Server release 6.7
Curl Version : 7.19.7
openjdk version "1.8.0_71"
OpenJDK Runtime Environment (build 1.8.0_71-b15)
Reporter: Arpan Rajani
When in the topology we place ssl authcBasic or authcBasic along with the
context factory using ldaps protocol we are unable to get Knox working.
When we try using Knox with curl Knox generates HTTP Error 503.
{code}
curl -i -k -u ad_user:P@ssword 'https://<Knox_SERVER_Hostname>:<KNOX_PORT>/gateway/default/templeton/v1/status'
{code}
Corresponding logs from Knox gateway are :
{code}
2016-08-15 17:12:41,971 DEBUG ldap.JndiLdapRealm (JndiLdapRealm.java:queryForAuthenticationInfo(369)) - Authenticating user 'ad_user' through LDAP
2016-08-15 17:12:41,972 DEBUG ldap.JndiLdapContextFactory (JndiLdapContextFactory.java:getLdapContext(488)) - Initializing LDAP context using URL [ldaps://ldapURL:636] and principal [CN=CN_NAME,OU=Admin ,OU=MyUnit,DC=MyCompany,DC=local] with pooling enabled
2016-08-15 17:12:41,980 DEBUG servlet.SimpleCookie (SimpleCookie.java:addCookieHeader(226)) - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/gateway/default; Max-Age=0; Expires=Sun, 14-Aug-2016 17:12:41 GMT]
2016-08-15 17:12:41,980 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:sendChallenge(274)) - Authentication required: sending 401 Authentication challenge response.
2016-08-15 17:12:41,980 DEBUG server.Server (Server.java:handle(367)) - RESPONSE /gateway/default/templeton/v1/status 401 handled=true
{code}
The configuration we are using for Knox topology related to authencation are following
{code}
<param>
<name>urls./**</name>
<value>ssl authcBasic</value>
<!-- Also tried with authcBasic -->
<!-- change this to authBasic with ldap and port to 389 it works-->
</param>
<param>
<name>main.ldapRealm.contextFactory.url</name>
<value>ldaps://ldapURL636</value>
<!-- Switch this URL to use ldap and change port to 389 it works -->
</param>
{code}
I see this as a threat to IT systems which need to adhere certain compliance.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)