Details

    Description

      When SPNEGO is enabled (`ambari-server setup-kerberos`), the SSO (`ambari-server setup-sso`) redirect no longer works.

      How to reproduce:

      1. Enable SSO `ambari-server setup-sso`
      2. `ambari-server restart`
      3. Visit Ambari and notice that you are redirected to the SSO system (i.e. Knox)
      4. Enable SPNEGO `ambari-server setup-kerberos`
      5. `ambari-server restart`
      6. Visit Ambari and notice that you are NOT redirected to the SSO system (i.e. Knox)

      Attachments

        Activity

          rlevas Robert Levas added a comment -

          seano, This is an odd scenario - 2 SSO authentication method active for Ambari at the same time.

          Is there really a use case to support this, or should Ambari proactively disallow this?

          rlevas Robert Levas added a comment - seano , This is an odd scenario - 2 SSO authentication method active for Ambari at the same time. Is there really a use case to support this, or should Ambari proactively disallow this?
          seano Sean Roberts added a comment -

          rlevas As discussed on Chat, Auth Negotiation is a standard part of HTTP. It is very common to support multiple auth methods. And is major requirement for supporting humans while supporting automation (i.e. automated connections use kerberos, clients use kerberos or password).

          seano Sean Roberts added a comment - rlevas As discussed on Chat, Auth Negotiation is a standard part of HTTP. It is very common to support multiple auth methods. And is major requirement for supporting humans while supporting automation (i.e. automated connections use kerberos, clients use kerberos or password).
          hudson Hudson added a comment -

          FAILURE: Integrated in Jenkins build Ambari-branch-2.7 #204 (See https://builds.apache.org/job/Ambari-branch-2.7/204/)
          AMBARI-24536 Ambari SPNEGO breaks SSO redirect (rlevas: https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=f87c68a5c129c941b73ad14d280e286cb531ef6f)

          • (edit) ambari-web/test/router_test.js
          • (edit) ambari-server/src/main/java/org/apache/ambari/server/api/AmbariErrorHandler.java
          • (edit) ambari-web/app/router.js
          hudson Hudson added a comment - FAILURE: Integrated in Jenkins build Ambari-branch-2.7 #204 (See https://builds.apache.org/job/Ambari-branch-2.7/204/ ) AMBARI-24536 Ambari SPNEGO breaks SSO redirect (rlevas: https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=f87c68a5c129c941b73ad14d280e286cb531ef6f ) (edit) ambari-web/test/router_test.js (edit) ambari-server/src/main/java/org/apache/ambari/server/api/AmbariErrorHandler.java (edit) ambari-web/app/router.js
          hudson Hudson added a comment -

          FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #9900 (See https://builds.apache.org/job/Ambari-trunk-Commit/9900/)
          AMBARI-24536 Ambari SPNEGO breaks SSO redirect (rlevas: https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=5bd37c7cadcef0aaeccb48cdda0ac5043518231b)

          • (edit) ambari-web/test/router_test.js
          • (edit) ambari-web/app/router.js
          • (edit) ambari-server/src/main/java/org/apache/ambari/server/api/AmbariErrorHandler.java
          hudson Hudson added a comment - FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #9900 (See https://builds.apache.org/job/Ambari-trunk-Commit/9900/ ) AMBARI-24536 Ambari SPNEGO breaks SSO redirect (rlevas: https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=5bd37c7cadcef0aaeccb48cdda0ac5043518231b ) (edit) ambari-web/test/router_test.js (edit) ambari-web/app/router.js (edit) ambari-server/src/main/java/org/apache/ambari/server/api/AmbariErrorHandler.java

          People

            rlevas Robert Levas
            seano Sean Roberts
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h
                1h