Posted to user@metron.apache.org by Nick Allen <ni...@nickallen.org> on 2020/04/01 14:05:05 UTC

Re: Metron with Knox and reload issue

I am not sure Tom.  Wish I could help. I'd suggest also asking on the
Apache Knox help forums.

On Sat, Mar 28, 2020 at 2:27 AM Yerex, Tom <to...@ubc.ca> wrote:

> Good evening,
>
> Working with the instructions from
> hxxps://github.com/apache/metron/tree/master/metron-interface
>
> This is a new installation and we are using LDAP with Metron and now
> attempting to use Knox for access control.
>
> Using Apache Metron Management and Alerts UI directly, the login works
> with LDAP credentials. When I try to access Metron Alerts or Management UI
> through the Apache Knox Gateway, it seems to get locked into an infinite
> refresh loop after authentication is successful.
>
> I am not sure if this has any bearing, we are using a self-signed
> certificate, although Metron Alerts and Management UI are simply over the
> standard ports with no SSL enabled.
>
> I have worked with Angular using nginx as a reverse-proxy for multiple
> Angular sites, and vaguely recall similar behaviour due to the way node
> must be made aware of the new URL path.
>
> For example, Angular/node expects the main URL to be "/", but when a
> reverse-proxy is applied the path may change to become "/site1/", and so
> additional steps need to be taken.
>
> I'm still not familiar enough with Knox, so I'm hoping someone else has
> faced this problem and can offer insight.
>
> Thank you,
>
> Tom.

Re: Metron with Knox and reload issue

Posted by larry mccay <la...@gmail.com>.
Hi Tom -

I assume you are using KnoxSSO.
Generally, the redirect loop is a result of one of a few things:

1. cookie isn't being presented by the browser
   a. it is set as http only and you have disabled SSL in knox
   b. the domain of the cookie is different from the domain of the endpoint
2. the cookie was never successfully set on the browser

Checking that the hadoop-jwt cookie is set on the browser in developer
tools is the place to start.

HTH,

--larry

On Wed, Apr 1, 2020 at 12:05 PM Yerex, Tom <to...@ubc.ca> wrote:

> Thanks Nick. If I find a solution I'll share that with the community. It
> might be PEBCAK, that remains to figure out.
>
> ;-)
>
> --
>
> *Tom Yerex*
>
> Cybersecurity Analyst, Information Technology
>
> Cybersecurity | CISO Office
>
> The University of British Columbia | Musqueam Traditional Territory
>
> Ponderosa Office Annex A | Vancouver BC | V6T1Z2 Canada
>
> Phone 604 822 6531
>
> Privacy Matters @ UBC
>
>
> On 2020-04-01 07:05:57-07:00 Nick Allen wrote:
>
> I am not sure Tom.  Wish I could help. I'd suggest also asking on the
> Apache Knox help forums.
>
> On Sat, Mar 28, 2020 at 2:27 AM Yerex, Tom <to...@ubc.ca> wrote:
>
>> Good evening,
>>
>> Working with the instructions from
>> hxxps://github.com/apache/metron/tree/master/metron-interface
>>
>> This is a new installation and we are using LDAP with Metron and now
>> attempting to use Knox for access control.
>>
>> Using Apache Metron Management and Alerts UI directly, the login works
>> with LDAP credentials. When I try to access Metron Alerts or Management UI
>> through the Apache Knox Gateway, it seems to get locked into an infinite
>> refresh loop after authentication is successful.
>>
>> I am not sure if this has any bearing, we are using a self-signed
>> certificate, although Metron Alerts and Management UI are simply over the
>> standard ports with no SSL enabled.
>>
>> I have worked with Angular using nginx as a reverse-proxy for multiple
>> Angular sites, and vaguely recall similar behaviour due to the way node
>> must be made aware of the new URL path.
>>
>> For example, Angular/node expects the main URL to be "/", but when a
>> reverse-proxy is applied the path may change to become "/site1/", and so
>> additional steps need to be taken.
>>
>> I'm still not familiar enough with Knox, so I'm hoping someone else has
>> faced this problem and can offer insight.
>>
>> Thank you,
>>
>> Tom.
>
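
The checks larry lists in the reply above, as an added example that is not part of the original thread: a Node.js function that takes the Set-Cookie headers of the KnoxSSO login response and reports which of the listed causes applies. It assumes cause 1a refers to a cookie carrying the Secure attribute while the endpoint is served over plain HTTP; the function names, host names, URLs and header values are constructed for illustration.

```javascript
// Added example; names here are hypothetical, not Knox or Metron code.
const COOKIE_NAME = "hadoop-jwt"; // cookie name given in the thread

// Parse one Set-Cookie header value into the attributes that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), secure: false, domain: null };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    const key = k.trim().toLowerCase();
    if (key === "secure") cookie.secure = true;
    if (key === "domain") cookie.domain = v.trim().replace(/^\./, "").toLowerCase();
  }
  return cookie;
}

// RFC 6265 domain-match: same host, or host is a subdomain of the domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// headers: Set-Cookie values from the login response; issuerUrl: URL that
// sent them; endpointUrl: URL of the UI the browser is redirected back to.
function diagnose(headers, issuerUrl, endpointUrl) {
  const issuer = new URL(issuerUrl);
  const endpoint = new URL(endpointUrl);
  const cookie = headers.map(parseSetCookie).find((c) => c.name === COOKIE_NAME);
  if (!cookie) return ["2: response carried no hadoop-jwt cookie"];
  const findings = [];
  // A browser discards a cookie whose Domain does not cover the issuing host.
  if (cookie.domain && !domainMatches(issuer.hostname, cookie.domain))
    findings.push("2: Domain does not cover the issuer, cookie is never stored");
  if (cookie.secure && endpoint.protocol !== "https:")
    findings.push("1a: Secure cookie is not sent over plain http");
  // Without a Domain attribute the cookie is host-only (exact host match).
  const covered = cookie.domain
    ? domainMatches(endpoint.hostname, cookie.domain)
    : endpoint.hostname === issuer.hostname;
  if (!covered) findings.push("1b: cookie domain does not cover the endpoint host");
  return findings;
}

// Constructed sample: Secure cookie, Knox serving plain http.
const sample = ["hadoop-jwt=constructed.jwt.value; Path=/; Domain=example.org; Secure; HttpOnly"];
console.log(diagnose(sample, "http://knox.example.org:8443/gateway/knoxsso/api/v1/websso",
  "http://knox.example.org:8443/gateway/metron/"));
```

An empty result means the cookie should be stored and presented, so the loop has a different cause than the ones listed.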

RE: Metron with Knox and reload issue

Posted by "Yerex, Tom" <to...@ubc.ca>.
Thanks Nick. If I find a solution I'll share that with the community. It might be PEBCAK, that remains to figure out.

;-)

--
Tom Yerex
Cybersecurity Analyst, Information Technology
Cybersecurity | CISO Office
The University of British Columbia | Musqueam Traditional Territory
Ponderosa Office Annex A | Vancouver BC | V6T1Z2 Canada
Phone 604 822 6531
Privacy Matters @ UBC


On 2020-04-01 07:05:57-07:00 Nick Allen wrote:

I am not sure Tom.  Wish I could help. I'd suggest also asking on the Apache Knox help forums.

On Sat, Mar 28, 2020 at 2:27 AM Yerex, Tom <to...@ubc.ca> wrote:
Good evening,

Working with the instructions from hxxps://github.com/apache/metron/tree/master/metron-interface

This is a new installation and we are using LDAP with Metron and now attempting to use Knox for access control.

Using Apache Metron Management and Alerts UI directly, the login works with LDAP credentials. When I try to access Metron Alerts or Management UI through the Apache Knox Gateway, it seems to get locked into an infinite refresh loop after authentication is successful.

I am not sure if this has any bearing, we are using a self-signed certificate, although Metron Alerts and Management UI are simply over the standard ports with no SSL enabled.

I have worked with Angular using nginx as a reverse-proxy for multiple Angular sites, and vaguely recall similar behaviour due to the way node must be made aware of the new URL path.

For example, Angular/node expects the main URL to be "/", but when a reverse-proxy is applied the path may change to become "/site1/", and so additional steps need to be taken.

I'm still not familiar enough with Knox, so I'm hoping someone else has faced this problem and can offer insight.

Thank you,

Tom.