Zeppelin / ZEPPELIN-5646

Query to REST API of Zeppelin secured with KNOXSSO gets empty redirection


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.8.2, 0.9.0, 0.10.0
    • Fix Version/s: None
    • Component/s: Core, security
    • Labels: None

    Description

      Dear

      We are using Apache Knox 1.5.0 to secure the Zeppelin web UI. For web UI access, all access gets redirected CORRECTLY to the KNOXSSO page. Once the login successfully finishes, it gets redirected to the main page.

      However, when querying a REST API path, for example just to get the note status, the redirection failed. Here is an example response:

      {"status":"OK","message":"","body":{"redirectURL":"https://knoxhost.example.com:8443/gateway/knoxsso/api/v1/websso?originalUrl="}}

      Please check the shiro.ini that we use:

      [main]
      ### A sample for configuring Knox JWT Realm
      knoxJwtRealm = org.apache.zeppelin.realm.jwt.KnoxJwtRealm
      ## Domain of Knox SSO
      knoxJwtRealm.providerUrl = https://knoxhost.example.com:8443/
      ## Url for login
      knoxJwtRealm.login = gateway/knoxsso/api/v1/websso
      ## Url for logout
      knoxJwtRealm.logout = gateway/knoxssout/api/v1/webssout
      knoxJwtRealm.logoutAPI = false
      knoxJwtRealm.redirectParam = originalUrl
      knoxJwtRealm.cookieName = hadoop-jwt
      knoxJwtRealm.publicKeyPath = /etc/ssl/certificate
      knoxJwtRealm.groupPrincipalMapping = group.principal.mapping
      knoxJwtRealm.principalMapping = principal.mapping
      # This is required if KNOX SSO is enabled, to check if "knoxJwtRealm.cookieName" cookie was expired/deleted.
      authc = org.apache.zeppelin.realm.jwt.KnoxAuthenticationFilter
      
      sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
      
      ### Enables 'HttpOnly' flag in Zeppelin cookies
      cookie = org.apache.shiro.web.servlet.SimpleCookie
      cookie.name = JSESSIONID
      cookie.httpOnly = true
      cookie.secure = true
      sessionManager.sessionIdCookie = $cookie
      
      securityManager.sessionManager = $sessionManager
      securityManager.sessionManager.globalSessionTimeout = 86400000
      shiro.loginUrl = /api/login
      
      [roles]
      admin = *
      [urls]
      /** = authc
      

      Could you please take a look and see what was the reason for this issue?

      Best regards
      Tien Dat PHAN
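
A client-side check for the symptom reported above, as an added example that is not part of the original report or of Zeppelin's code. The helper `classify_response` and its return labels are hypothetical; the realm values and sample body are copied from the report, and composing the login URL as `providerUrl` + `login` is an assumption based on the response shown.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed inputs: realm settings and response body as quoted in the report.
REALM = {
    "providerUrl": "https://knoxhost.example.com:8443/",
    "login": "gateway/knoxsso/api/v1/websso",
    "redirectParam": "originalUrl",
}
SAMPLE_BODY = (
    '{"status":"OK","message":"","body":{"redirectURL":'
    '"https://knoxhost.example.com:8443/gateway/knoxsso/api/v1/websso?originalUrl="}}'
)


def classify_response(raw, realm):
    """Classify a Zeppelin REST response body (hypothetical helper).

    Returns one of: 'not-json', 'api-payload', 'unexpected-redirect-target',
    'sso-redirect-empty-return', 'sso-redirect'.
    """
    try:
        doc = json.loads(raw)
    except ValueError:
        return "not-json"
    body = doc.get("body") if isinstance(doc, dict) else None
    redirect = body.get("redirectURL") if isinstance(body, dict) else None
    if not isinstance(redirect, str):
        return "api-payload"  # normal API answer, no SSO redirect embedded

    # Assumption: the login endpoint is providerUrl joined with login.
    expected = urlsplit(realm["providerUrl"].rstrip("/") + "/" + realm["login"].lstrip("/"))
    got = urlsplit(redirect)
    if (got.scheme, got.netloc, got.path) != (expected.scheme, expected.netloc, expected.path):
        return "unexpected-redirect-target"  # do not follow: not the configured Knox endpoint

    # keep_blank_values so that 'originalUrl=' is seen as present but empty.
    values = parse_qs(got.query, keep_blank_values=True).get(realm["redirectParam"], [])
    if not values or not values[0].strip():
        return "sso-redirect-empty-return"  # the case reported in this issue
    return "sso-redirect"


if __name__ == "__main__":
    print(classify_response(SAMPLE_BODY, REALM))
```
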

          People

            Assignee: Unassigned
            Reporter: Tien Dat (tiendatphan)
            Votes: 0
            Watchers: 2
