[ https://issues.apache.org/jira/browse/ATLAS-2166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nixon Rodrigues updated ATLAS-2166:
-----------------------------------
    Attachment: ATLAS-2166.2.patch

> On refreshing Atlas page logged in via Knox proxy, which has ATLASSESSION ID expired (idle for a long time), logs in as knox user.
> -----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-2166
>                 URL: https://issues.apache.org/jira/browse/ATLAS-2166
>             Project: Atlas
>          Issue Type: Bug
>          Components: atlas-intg
>    Affects Versions: 1.0.0, 0.8.2
>            Reporter: Sharmadha Sainath
>            Assignee: Nixon Rodrigues
>         Attachments: ATLAS-2166.2.patch, ATLAS-2166.patch, Atlas_knox_proxy_1.mov
>
>
> 1. Added the following topology ui.xml in knox topologies:
> {code}
> <topology>
>     <gateway>
>         <provider>
>             <role>authentication</role>
>             <name>Anonymous</name>
>             <enabled>true</enabled>
>         </provider>
>         <provider>
>             <role>identity-assertion</role>
>             <name>Default</name>
>             <enabled>false</enabled>
>         </provider>
>     </gateway>
>     <service>
>         <role>ATLAS</role>
>         <url>http://atlashost:21000</url>
>     </service>
>     <service>
>         <role>ATLAS-API</role>
>         <url>http://atlashost:21000</url>
>     </service>
> </topology>
> {code}
> 2. Accessed Atlas UI via knox proxy:
> {code}
> https://knoxhost:8443/gateway/ui/atlas/
> {code}
> with user admin.
> 3. Left the page idle for a long time (approx 60 mins). When refreshed, expected that it would land in login.jsp and ask for username and password. Instead, it logged in as knox user.
> Following logs from application logs:
> {code}
> 2017-09-22 07:17:23,267 INFO - [Thread-6:] ~ TGT valid starting at: Fri Sep 22 07:17:23 UTC 2017 (Login:302)
> 2017-09-22 07:17:23,268 INFO - [Thread-6:] ~ TGT expires: Sat Sep 23 07:17:23 UTC 2017 (Login:303)
> 2017-09-22 07:17:23,268 INFO - [Thread-6:] ~ TGT refresh sleeping until: Sat Sep 23 03:38:59 UTC 2017 (Login:181)
> 2017-09-22 08:28:23,731 INFO - [pool-2-thread-9:] ~ Logged into Atlas as = knox (AtlasAuthenticationFilter:291)
> 2017-09-22 08:28:23,732 INFO - [pool-2-thread-9:knox:POST/api/atlas/v2/search/basic] ~ Request from authenticated user: knox, URL=/api/atlas/v2/search/basic (AtlasAuthenticationFilter:305)
> 2017-09-22 08:28:26,685 INFO - [org.apache.ranger.audit.queue.AuditBatchQueue1:] ~ Audit Status Log: name=atlas.async.multi_dest.batch.solr, interval=01:40:30.245 hours, events=1, succcessCount=1, totalEvents=363, totalSuccessCount=363 (BaseAuditHandler:310)
> 2017-09-22 08:28:26,706 INFO - [org.apache.ranger.audit.queue.AuditBatchQueue0:] ~ Audit Status Log: name=atlas.async.multi_dest.batch.hdfs, interval=01:40:30.247 hours, events=1, succcessCount=1, totalEvents=363, totalSuccessCount=363 (BaseAuditHandler:310)
> {code}
> Note: Accessed Atlas UI at 08:28:23,731 after 07:17:23,268
> No suspicious logs from knox gateway.log.
> 4. Tried to reproduce the issue by deleting the ATLASSESSIONID and refreshed the page. This time it landed in login.jsp correctly.
> Not sure what other cases can reproduce this issue.
> Attached the video recording of the scenario explained.
> Note: Ranger Atlas plugin is enabled. Not sure where Atlas fetches the knox user from. Atlas' users-credentials.properties has only admin and rangertagsync users.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
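
Added example, not part of the JIRA message or of the Atlas code base: a log check for the symptom reported above, a login as an identity that is not in Atlas' file-based user store, with the requests later made under that identity. The log layout is assumed from the excerpt in the report; `find_unexpected_logins` and `EXPECTED_USERS` are hypothetical names.

```python
import re
from datetime import datetime

# Accounts the report says exist in Atlas' users-credentials.properties.
EXPECTED_USERS = {"admin", "rangertagsync"}

# Layout assumed from the log excerpt: "<timestamp> LEVEL - [context] ~ message".
LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\s+\w+\s+-\s+"
                  r"\[[^\]]*\]\s+~\s+(?P<msg>.*)$")
LOGIN = re.compile(r"Logged into Atlas as = (?P<user>\S+) "
                   r"\(AtlasAuthenticationFilter:\d+\)")
REQUEST = re.compile(r"Request from authenticated user: (?P<user>[^,]+), "
                     r"URL=(?P<url>\S+)")

# The admin login line is constructed for contrast; the other three entries
# come from the report, with the e-mail line wrapping rejoined.
SAMPLE_LOG = """\
2017-09-22 07:17:23,268 INFO - [Thread-6:] ~ TGT expires: Sat Sep 23 07:17:23 UTC 2017 (Login:303)
2017-09-22 07:20:00,000 INFO - [pool-2-thread-3:] ~ Logged into Atlas as = admin (AtlasAuthenticationFilter:291)
2017-09-22 08:28:23,731 INFO - [pool-2-thread-9:] ~ Logged into Atlas as = knox (AtlasAuthenticationFilter:291)
2017-09-22 08:28:23,732 INFO - [pool-2-thread-9:knox:POST/api/atlas/v2/search/basic] ~ Request from authenticated user: knox, URL=/api/atlas/v2/search/basic (AtlasAuthenticationFilter:305)
"""

def find_unexpected_logins(lines, expected=EXPECTED_USERS):
    """Return one finding per login as a user outside `expected`, with the
    request URLs later logged for that user attached to it."""
    findings, latest = [], {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines or other log formats
        login = LOGIN.search(m["msg"])
        if login:
            user = login["user"]
            latest.pop(user, None)  # a new login closes the previous finding
            if user not in expected:
                ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
                latest[user] = {"time": ts, "user": user, "urls": []}
                findings.append(latest[user])
            continue
        req = REQUEST.search(m["msg"])
        if req and req["user"] in latest:
            latest[req["user"]]["urls"].append(req["url"])
    return findings

if __name__ == "__main__":
    for f in find_unexpected_logins(SAMPLE_LOG.splitlines()):
        print(f["time"].isoformat(), f["user"], f["urls"])
```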