You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@zeppelin.apache.org by Vladimir Prus <vl...@gmail.com> on 2021/02/09 11:25:36 UTC
Zeppelin behind authenticating proxy
Hi,
I would like to run Zeppelin behind authenticating proxy, so that:
- The proxy handles all authentication, including setting a cookie to
remember the user
- It passes a username header to Zeppelin
- Zeppelin takes that username header and trusts it - it should show the
user as
authorized and use that username when starting interpreter or evaluating
notebook
permissions
While the documentation mentions how to setup nginx as proxy, I can't
find any information about the second part - passing username to Zeppelin,
and actually using it.
Shiro documentation is likewise not helpful.
How can I accomplish what I want?
--
Vladimir Prus
http://vladimirprus.com
Re: Zeppelin behind authenticating proxy
Posted by moon soo Lee <mo...@apache.org>.
Glad to hear it helped! Thanks for sharing!
On Fri, Feb 12, 2021 at 12:12 PM Vladimir Prus <vl...@gmail.com>
wrote:
> I have tried some permutations, and one of them ended up working fine, so
> shiro-remote-user appears to be perfectly OK, thanks.
>
> (Still no idea what is wrong in my original setup, but it involved two
> proxies, and a load balancer, and one of them must
> be messing up some part of protocol)
>
> On Fri, Feb 12, 2021 at 10:46 PM Vladimir Prus <vl...@gmail.com>
> wrote:
>
>> Hi,
>>
>> that seems exactly what I was looking for. I gave it a try, and got
>> half-way through:
>>
>> - Zeppelin shows the username I set in header, and websocket is
>> connected, and I can use menu with no issues
>> - The main content is however empty - I see no list of notebooks at all.
>> Looks at websocket messages, I see LIST_NOTES that returns
>> empty list of notes. I have verified that if I revert shiro.ini to my
>> previous version (which uses ldap), the list of notebooks is present.
>>
>> Does this point to some obvious misconfiguration on my side?
>>
>> On Fri, Feb 12, 2021 at 3:12 AM moon soo Lee <mo...@apache.org> wrote:
>>
>>> Hi,
>>>
>>> I haven't tried it personally, but this repository might help
>>> https://github.com/leighklotz/shiro-remote-user
>>>
>>> Thanks,
>>> moon
>>>
>>>
>>>
>>> On Tue, Feb 9, 2021 at 3:25 AM Vladimir Prus <vl...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I would like to run Zeppelin behind authenticating proxy, so that:
>>>>
>>>> - The proxy handles all authentication, including setting a cookie to
>>>> remember the user
>>>> - It passes a username header to Zeppelin
>>>> - Zeppelin takes that username header and trusts it - it should show
>>>> the user as
>>>> authorized and use that username when starting interpreter or
>>>> evaluating notebook
>>>> permissions
>>>>
>>>> While the documentation mentions how to setup nginx as proxy, I can't
>>>> find any information about the second part - passing username to
>>>> Zeppelin, and actually using it.
>>>> Shiro documentation is likewise not helpful.
>>>>
>>>> How can I accomplish what I want?
>>>>
>>>> --
>>>> Vladimir Prus
>>>> http://vladimirprus.com
>>>>
>>>
>>
>> --
>> Vladimir Prus
>> http://vladimirprus.com
>>
>
>
> --
> Vladimir Prus
> http://vladimirprus.com
>
Re: Zeppelin behind authenticating proxy
Posted by Vladimir Prus <vl...@gmail.com>.
I have tried some permutations, and one of them ended up working fine, so
shiro-remote-user appears to be perfectly OK, thanks.
(Still no idea what is wrong in my original setup, but it involved two
proxies, and a load balancer, and one of them must
be messing up some part of protocol)
On Fri, Feb 12, 2021 at 10:46 PM Vladimir Prus <vl...@gmail.com>
wrote:
> Hi,
>
> that seems exactly what I was looking for. I gave it a try, and got
> half-way through:
>
> - Zeppelin shows the username I set in header, and websocket is connected,
> and I can use menu with no issues
> - The main content is however empty - I see no list of notebooks at all.
> Looks at websocket messages, I see LIST_NOTES that returns
> empty list of notes. I have verified that if I revert shiro.ini to my
> previous version (which uses ldap), the list of notebooks is present.
>
> Does this point to some obvious misconfiguration on my side?
>
> On Fri, Feb 12, 2021 at 3:12 AM moon soo Lee <mo...@apache.org> wrote:
>
>> Hi,
>>
>> I haven't tried it personally, but this repository might help
>> https://github.com/leighklotz/shiro-remote-user
>>
>> Thanks,
>> moon
>>
>>
>>
>> On Tue, Feb 9, 2021 at 3:25 AM Vladimir Prus <vl...@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I would like to run Zeppelin behind authenticating proxy, so that:
>>>
>>> - The proxy handles all authentication, including setting a cookie to
>>> remember the user
>>> - It passes a username header to Zeppelin
>>> - Zeppelin takes that username header and trusts it - it should show the
>>> user as
>>> authorized and use that username when starting interpreter or evaluating
>>> notebook
>>> permissions
>>>
>>> While the documentation mentions how to setup nginx as proxy, I can't
>>> find any information about the second part - passing username to
>>> Zeppelin, and actually using it.
>>> Shiro documentation is likewise not helpful.
>>>
>>> How can I accomplish what I want?
>>>
>>> --
>>> Vladimir Prus
>>> http://vladimirprus.com
>>>
>>
>
> --
> Vladimir Prus
> http://vladimirprus.com
>
--
Vladimir Prus
http://vladimirprus.com
Re: Zeppelin behind authenticating proxy
Posted by Vladimir Prus <vl...@gmail.com>.
Hi,
that seems exactly what I was looking for. I gave it a try, and got
half-way through:
- Zeppelin shows the username I set in header, and websocket is connected,
and I can use menu with no issues
- The main content is however empty - I see no list of notebooks at all.
Looks at websocket messages, I see LIST_NOTES that returns
empty list of notes. I have verified that if I revert shiro.ini to my
previous version (which uses ldap), the list of notebooks is present.
Does this point to some obvious misconfiguration on my side?
On Fri, Feb 12, 2021 at 3:12 AM moon soo Lee <mo...@apache.org> wrote:
> Hi,
>
> I haven't tried it personally, but this repository might help
> https://github.com/leighklotz/shiro-remote-user
>
> Thanks,
> moon
>
>
>
> On Tue, Feb 9, 2021 at 3:25 AM Vladimir Prus <vl...@gmail.com>
> wrote:
>
>> Hi,
>>
>> I would like to run Zeppelin behind authenticating proxy, so that:
>>
>> - The proxy handles all authentication, including setting a cookie to
>> remember the user
>> - It passes a username header to Zeppelin
>> - Zeppelin takes that username header and trusts it - it should show the
>> user as
>> authorized and use that username when starting interpreter or evaluating
>> notebook
>> permissions
>>
>> While the documentation mentions how to setup nginx as proxy, I can't
>> find any information about the second part - passing username to
>> Zeppelin, and actually using it.
>> Shiro documentation is likewise not helpful.
>>
>> How can I accomplish what I want?
>>
>> --
>> Vladimir Prus
>> http://vladimirprus.com
>>
>
--
Vladimir Prus
http://vladimirprus.com
Re: Zeppelin behind authenticating proxy
Posted by moon soo Lee <mo...@apache.org>.
Hi,
I haven't tried it personally, but this repository might help
https://github.com/leighklotz/shiro-remote-user
Thanks,
moon
On Tue, Feb 9, 2021 at 3:25 AM Vladimir Prus <vl...@gmail.com>
wrote:
> Hi,
>
> I would like to run Zeppelin behind authenticating proxy, so that:
>
> - The proxy handles all authentication, including setting a cookie to
> remember the user
> - It passes a username header to Zeppelin
> - Zeppelin takes that username header and trusts it - it should show the
> user as
> authorized and use that username when starting interpreter or evaluating
> notebook
> permissions
>
> While the documentation mentions how to setup nginx as proxy, I can't
> find any information about the second part - passing username to Zeppelin,
> and actually using it.
> Shiro documentation is likewise not helpful.
>
> How can I accomplish what I want?
>
> --
> Vladimir Prus
> http://vladimirprus.com
>