You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Arpan Rajani (JIRA)" <ji...@apache.org> on 2016/08/16 10:14:20 UTC

[jira] [Created] (KNOX-735) Knox doesn't work with ldaps protocol

Arpan Rajani created KNOX-735:
---------------------------------

             Summary: Knox doesn't work with ldaps protocol
                 Key: KNOX-735
                 URL: https://issues.apache.org/jira/browse/KNOX-735
             Project: Apache Knox
          Issue Type: Bug
          Components: ClientDSL, Site
    Affects Versions: 0.6.0
         Environment: RHEL : Oracle Linux Server release 6.7
Curl Version : 7.19.7
openjdk version "1.8.0_71"
OpenJDK Runtime Environment (build 1.8.0_71-b15)
            Reporter: Arpan Rajani


When in the topology we place ssl authcBasic or authcBasic along with the 
context factory using ldaps protocol we are unable to get Knox working. 
When we try using Knox with curl Knox generates HTTP Error 503. 
{code}
curl -i -k -u ad_user:P@ssword 'https://<Knox_SERVER_Hostname>:<KNOX_PORT>/gateway/default/templeton/v1/status'
{code}

Corresponding logs from Knox gateway are :

{code}
2016-08-15 17:12:41,971 DEBUG ldap.JndiLdapRealm (JndiLdapRealm.java:queryForAuthenticationInfo(369)) - Authenticating user 'ad_user' through LDAP
2016-08-15 17:12:41,972 DEBUG ldap.JndiLdapContextFactory (JndiLdapContextFactory.java:getLdapContext(488)) - Initializing LDAP context using URL [ldaps://ldapURL:636] and principal [CN=CN_NAME,OU=Admin ,OU=MyUnit,DC=MyCompany,DC=local] with pooling enabled
2016-08-15 17:12:41,980 DEBUG servlet.SimpleCookie (SimpleCookie.java:addCookieHeader(226)) - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/gateway/default; Max-Age=0; Expires=Sun, 14-Aug-2016 17:12:41 GMT]
2016-08-15 17:12:41,980 DEBUG authc.BasicHttpAuthenticationFilter (BasicHttpAuthenticationFilter.java:sendChallenge(274)) - Authentication required: sending 401 Authentication challenge response.
2016-08-15 17:12:41,980 DEBUG server.Server (Server.java:handle(367)) - RESPONSE /gateway/default/templeton/v1/status  401 handled=true
{code}

The configuration we are using for Knox topology related to authencation are following 
{code}
  <param>
            <name>urls./**</name>
            <value>ssl authcBasic</value>
           <!-- Also tried with authcBasic -->
           <!-- change this to authBasic with ldap and port to 389 it works-->
         </param>

         <param>
            <name>main.ldapRealm.contextFactory.url</name>
            <value>ldaps://ldapURL636</value>
            <!-- Switch this URL to use ldap and change port to 389 it works -->
         </param>
{code}

I see this as a threat to IT systems which need to adhere certain  compliance. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)