Posted to dev@shiro.apache.org by gaderrick <je...@gmail.com> on 2018/10/21 13:47:11 UTC

Using Shiro + NGINX + Pac4j + Active Directory + CAC Card (for Zeppelin)

Hello- 

I'm trying to configure Zeppelin (installed on HDP 3.0.1) to authenticate to
our Active Directory using CAC/PIV cards. We're using NGINX to
capture/forward the header info (which holds) the info on the CAC card to
authenticate the user, but when I click on the "Login" button on the
Zeppelin home page, it "pops up" the default Zeppelin login window
(expecting an email/user and password). 

Does anyone know why this is happening, and more importantly how to fix it?
My hunch is that the line in the shiro init section needs to change from
"/app/login", but I haven't found another option for CAC cards.

Thanks in advance.

Jerry 



--
Sent from: http://shiro-developer.582600.n2.nabble.com/

Re: Using Shiro + NGINX + Pac4j + Active Directory + CAC Card (for Zeppelin)

Posted by Brian Demers <br...@gmail.com>.
I'm not 100% sure how the Zeppelin integration works, but assuming it is
just a filter, you should be able to change it.
Take a look at how the basic auth filter works:
https://github.com/apache/shiro/blob/master/samples/jaxrs/src/main/resources/shiro.ini#L29
(it pulls the credentials from a header).

The tricky part might be what to do on an auth failure. Do you just respond
with a 401/403, or do you redirect back to some "login page" that NGINX
manages? (The `authBasic` filter will just respond with status codes by
default.) If that isn't what you want, you would need to take a look at how
the `FormAuthenticationFilter` handles this (but status codes might be
enough if you are just routing through NGINX).

Keep us posted!

On Sun, Oct 21, 2018 at 9:47 AM gaderrick <je...@gmail.com> wrote:

> Hello-
>
> I'm trying to configure Zeppelin (installed on HDP 3.0.1) to authenticate to
> our Active Directory using CAC/PIV cards. We're using NGINX to
> capture/forward the header info (which holds) the info on the CAC card to
> authenticate the user, but when I click on the "Login" button on the
> Zeppelin home page, it "pops up" the default Zeppelin login window
> (expecting an email/user and password).
>
> Does anyone know why this is happening, and more importantly how to fix it?
> My hunch is that the line in the shiro init section needs to change from
> "/app/login", but I haven't found another option for CAC cards.
>
> Thanks in advance.
>
> Jerry
>
>
>
> --
> Sent from: http://shiro-developer.582600.n2.nabble.com/
>
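
The header-based approach suggested in the reply above, sketched as an added example; it is not code from this thread, from Shiro, or from Zeppelin. It is written against the Shiro 1.x `javax.servlet` API, and the class name `ProxyCertHeaderFilter`, the token class `CertDnToken`, and both header names are assumptions, as is a custom realm (not shown) that accepts the token and maps the certificate DN to an Active Directory account.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;

/** Hypothetical filter: logs in the user named by headers the proxy sets. */
public class ProxyCertHeaderFilter extends AuthenticatingFilter {

    // Assumed header names. NGINX must set both on every request (from
    // $ssl_client_verify and $ssl_client_s_dn) so client-sent copies are replaced.
    private String verifyHeader = "X-SSL-Client-Verify";
    private String dnHeader = "X-SSL-Client-S-DN";

    public void setVerifyHeader(String name) { this.verifyHeader = name; }
    public void setDnHeader(String name) { this.dnHeader = name; }

    /** Token holding only the certificate subject DN; there is no password. */
    public static final class CertDnToken implements AuthenticationToken {
        private final String dn;
        public CertDnToken(String dn) { this.dn = dn; }
        @Override public Object getPrincipal() { return dn; }
        @Override public Object getCredentials() { return dn; }
    }

    @Override
    protected AuthenticationToken createToken(ServletRequest req, ServletResponse resp) {
        // Only reached through executeLogin() below, after the DN was checked.
        return new CertDnToken(WebUtils.toHttp(req).getHeader(dnHeader).trim());
    }

    @Override
    protected boolean onAccessDenied(ServletRequest req, ServletResponse resp) throws Exception {
        String verify = WebUtils.toHttp(req).getHeader(verifyHeader);
        String dn = WebUtils.toHttp(req).getHeader(dnHeader);
        // NGINX reports "SUCCESS" only when the client certificate chain verified.
        boolean verified = "SUCCESS".equals(verify) && dn != null && !dn.trim().isEmpty();
        // executeLogin() calls createToken() and Subject.login(); a realm that
        // supports CertDnToken (not shown) has to map the DN to a directory account.
        if (verified && executeLogin(req, resp)) {
            return true; // authenticated: continue down the filter chain
        }
        // No login page to fall back to: answer with a status code instead.
        WebUtils.toHttp(resp).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}
```

A filter like this is only as trustworthy as the path in front of it: the application port has to accept connections from NGINX alone, otherwise any client that reaches it directly can supply the headers itself.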