You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "PRAVEEN K RAVIKUMAR (JIRA)" <ji...@apache.org> on 2018/07/13 19:39:00 UTC
[jira] [Created] (KNOX-1388) Enable SAML authentication in Knox
PRAVEEN K RAVIKUMAR created KNOX-1388:
-----------------------------------------
Summary: Enable SAML authentication in Knox
Key: KNOX-1388
URL: https://issues.apache.org/jira/browse/KNOX-1388
Project: Apache Knox
Issue Type: Task
Components: KnoxSSO
Reporter: PRAVEEN K RAVIKUMAR
Hi,
I'm Praveen. I'm working to enable SAML authentication in Apache knox for our client. Currently I'm facing few issues after setting up SSO related config in KNOX.
on accessing the YarnUI after starting the gateway, The browser gets redirected to the Identity provider URL -> asks for the login credentials -> on submitting the user is getting authenticated but the application gets landed to https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 and throws page not found error.
I'm seeing the SAML request sent and SAML response getting received but it gets landed to an invalid page after authentication. I'm unable to figure out the page to land after authentication.
Our Client uses : Ping Federate Identity provider.
Listed below the configurations setup and also attached screen shots for better understanding.
IDP -> Config
-------------
Entity ID - https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client
TargetURL - https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 (I'm not sure the target URL is valid, I suspect the page is getting redirected to this link after auth)
KnoxSSO.xml
------------
<topology>
<gateway>
<provider>
<role>federation</role>
<name>pac4j</name>
<enabled>true</enabled>
<param>
<name>pac4j.callbackUrl</name>
<value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
</param>
<param>
<name>clientName</name>
<value>SAML2Client</value>
</param>
<param>
<name>saml.identityProviderMetadataPath</name>
<value>/tmp/preprod_metadata_SP.xml</value>
</param>
<param>
<name>saml.serviceProviderMetadataPath</name>
<value>/tmp/preprod_metadata_SP.xml</value>
</param>
<param>
<name>saml.serviceProviderEntityId</name>
<value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client</value>
</param>
</provider>
<provider>
<role>identity-assertion</role>
<name>Default</name>
<enabled>true</enabled>
</provider>
</gateway>
<service>
<role>KNOXSSO</role>
<param>
<name>knoxsso.cookie.secure.only</name>
<value>true</value>
</param>
<param>
<name>knoxsso.token.ttl</name>
<value>100000</value>
</param>
<param>
<name>knoxsso.redirect.whitelist.regex</name>
<value>^https?:\/\/(emr-knox-webui-dev\.us-west-2\.elb\.amazonaws\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
</param>
</service>
</topology>
gate1.xml
---------
<?xml version="1.0" encoding="utf-8"?>
<topology>
<gateway>
<provider>
<role>federation</role>
<name>SSOCookieProvider</name>
<enabled>true</enabled>
<param>
<name>sso.authentication.provider.url</name>
<value>https://emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
</param>
</provider>
<provider>
<role>identity-assertion</role>
<name>Default</name>
<enabled>true</enabled>
</provider>
</gateway>
<service>
<role>YARNUI</role>
<url>http://ip-10-89-71-228.vpc.internal:8088</url>
</service>
</topology>
Could you please help me in this, would be very helpful to proceed further.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)