[I] Additional username/password login required even after SSO login using pac4j (druid)

Mon, 27 Nov 2023 07:07:22 -0800 


Subhashini2610 opened a new issue, #15436:
URL: https://github.com/apache/druid/issues/15436

   
   ### Description
   
   Please include as much detailed information about the problem as possible.
   I am trying to install Druid on K8s cluster using Helm chart. I need to add 
the SSO (Open ID connect) on to the router. For this, I am using pac4j.
   However, even after the SSO, I am prompted with a username/password dialog 
box as can be seen in the screenshot. I do not want to have two login sessions. 
The SSO login must be the one which identifies the user and assigns the 
necessary roles. Please help here!!!
   
   <img width="1512" alt="Screenshot 2023-11-27 at 7 34 37 PM" 
src="https://github.com/apache/druid/assets/54573581/d4b70a9f-1c55-4338-8905-69f236fc00e4";>
   
   
   The below are the configurations on the router:
   ```
   2023-11-27T13:56:25+0000 startup service router
   Setting druid.host=10.4.0.28 in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.auth.authenticator.BasicMetadataAuthenticator.skipOnFailure=false in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.indexer.logs.type=file in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.auth.authorizer.BasicMetadataAuthorizer.enableCacheNotifications=true in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.authenticator.pac4j.type=pac4j in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.authenticatorChain=["pac4j"] in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.auth.authenticator.BasicMetadataAuthenticator.initialAdminPassword=xxxxxxxxxx
 in /tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.authorizer.BasicMetadataAuthorizer.initialAdminRole=admin 
in /tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.escalator.internalClientUsername=druid_system in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.extensions.loadList=["druid-basic-security", "druid-pac4j", 
"druid-multi-stage-query", "druid-stats", "druid-datasketches", 
"druid-kafka-indexing-service", "druid-protobuf-extensions", 
"druid-parquet-extensions", "druid-orc-extensions", "druid-azure-extensions", 
"druid-histogram", "druid-datasketches", "druid-lookups-cached-global", 
"postgresql-metadata-storage", "statsd-emitter"] in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.authenticator.BasicMetadataAuthenticator.type=basic in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.azure.key=xxxxx in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.enablePlaintextPort=true in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.pac4j.oidc.clientID=xxxxxx in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.escalator.authorizerName=BasicMetadataAuthorizer in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.pac4j.cookiePassphrase=xxxxx in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.pac4j.oidc.oidcClaim=sub in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.pac4j.oidc.clientSecret=xxxxx in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.metadata.storage.type=postgresql in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.emitter.http.recipientBaseUrl=http://druid_exporter_url/:druid_exporter_port/druid
 in /tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.auth.authenticator.BasicMetadataAuthenticator.initialInternalClientPassword=xxxxxxx
 in /tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.azure.container=deepstorage in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.metadata.storage.connector.connectURI=jdbc:postgresql://dipeopensource.postgres.database.azure.com:5432/druid
 in /tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.auth.authenticator.BasicMetadataAuthenticator.credentialsValidator.type=metadata
 in /tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.authorizer.allowAll.type=allowAll in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.storage.type=azure in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.auth.pac4j.oidc.discoveryURI=https://xxxxxxxx.net/v1/.well-known/openid-configuration
 in /tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.auth.authorizer.BasicMetadataAuthorizer.roleProvider.type=context in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.metadata.storage.connector.user=druid_user in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.escalator.internalClientPassword=xxxxxxx in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.auth.authenticator.pac4j.authorizerName=BasicMetadataAuthorizer in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.router.managementProxy.enabled=true in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.indexer.logs.directory=/opt/data/indexing-logs in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.zk.service.host=druid-zookeeper-headless:2181 in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.authorizer.BasicMetadataAuthorizer.type=basic in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.escalator.type=basic in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.emitter=noop in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting 
druid.auth.authenticator.BasicMetadataAuthenticator.authorizerName=allowAll in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.metadata.storage.connector.password=xxxxxxxxx in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.emitter.logging.logLevel=debug in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.metadata.postgres.ssl.sslMode=require in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.auth.authorizers=["BasicMetadataAuthorizer", "allowAll"] in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   Setting druid.azure.account=dipedevdsstorage in 
/tmp/conf/druid/cluster/query/router/runtime.properties
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to