jeff created KNOX-730:
-------------------------

             Summary: pac4jRequestedUrl = null after saml2 assertion is parsed
                 Key: KNOX-730
                 URL: https://issues.apache.org/jira/browse/KNOX-730
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
    Affects Versions: 0.9.0
         Environment: rhel 
            Reporter: jeff


We are working with a Hadoop system and trying to get the Knox SAML2 support 
working with our IdP. (Note: this is not Okta but another IdP we use with many 
of our commercial clients, internal and external.)

We have successfully configured Knox 0.9.0 to handle the redirection to the 
IdP, and we clearly see the assertion being passed back and being parsed by the 
pac4j component and the requestedurl being stored.


HOWEVER, it seems that when Knox goes to retrieve this info, it finds a null.
(from last line of log snippet below)  2016-07-22 13:16:27,818 DEBUG 
session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session: 
pac4jRequestedUrl = null


and therefore the final redirect seems to default to '/' instead of the actual 
requestedurl (in this case 
https://tchdpm01.lmig.com:8445/gateway/knoxsso2/webhdfs/v1/?op=LISTSTATUS)




2016-07-22 13:13:03,911 INFO  hadoop.gateway 
(GatewayServer.java:startGateway(294)) - Started gateway on port 8,445.
2016-07-22 13:15:58,995 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(116)) 
- Received request: GET /webhdfs/v1/
2016-07-22 13:15:59,736 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:get(90)) - Get from session: pac4jUserProfile = null
2016-07-22 13:15:59,737 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:set(105)) - Save in session: pac4jRequestedUrl = 
https://tchdpm01.lmig.com:8445/gateway/knoxsso2/webhdfs/v1/?op=LISTSTATUS
2016-07-22 13:15:59,833 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:get(90)) - Get from session: 
SAML2Client$attemptedAuthentication = null
2016-07-22 13:15:59,927 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:get(90)) - Get from session: samlRelayState = null
2016-07-22 13:15:59,927 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:set(105)) - Save in session: samlRelayState = 
2016-07-22 13:16:16,179 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(116)) 
- Received request: GET /webhdfs/v1/
2016-07-22 13:16:16,180 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:get(90)) - Get from session: pac4jUserProfile = null
2016-07-22 13:16:16,180 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:set(105)) - Save in session: pac4jRequestedUrl = 
https://tchdpm01.lmig.com:8445/gateway/knoxsso2/webhdfs/v1/?op=LISTSTATUS
2016-07-22 13:16:16,182 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:get(90)) - Get from session: 
SAML2Client$attemptedAuthentication = null
2016-07-22 13:16:16,268 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:get(90)) - Get from session: samlRelayState = 
2016-07-22 13:16:16,268 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:set(105)) - Save in session: samlRelayState = 
2016-07-22 13:16:27,641 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(116)) 
- Received request: POST /api/v1/websso
2016-07-22 13:16:27,813 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:set(105)) - Save in session: 
SAML2Client$attemptedAuthentication = null
2016-07-22 13:16:27,814 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:set(105)) - Save in session: pac4jUserProfile = 
<SAML2Profile> | id: n0251132 | attributes: {Products=[], 
Groups=[cn=ram_am_im_infc_admin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ram_am_im_infc_AllUsers,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=lram_portal_claims,cn=Products,ou=Groups,o=Liberty,o=Intranet^cn=lram_portal_billing,cn=Products,ou=Groups,o=Liberty,o=Intranet^cn=kev_test_grp1,cn=Products,ou=Groups,o=Liberty,o=Intranet^cn=cp_planit,cn=products,ou=groups,o=Liberty,o=Intranet^cn=cp_is_users,cn=Products,ou=Groups,o=Liberty,o=Intranet^cn=sec_it_only,cn=products,ou=groups,o=Liberty,o=Intranet^cn=cm_SSL_Remote_Access,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=sec_twofactor_population,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cp_dashboard_standard,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ram_AM_IM_Hyp_Admin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_sasa_scheduling,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_sas,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_sas_adm_99,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=am_wasadmin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_WASAdmin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_pwrcntr_admin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ets_libertyforge_git,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ci_ats_datatools_admin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cp_capsmlinsecureconnect,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ci_data_innov_developer,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_DBaaS,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cp_SS_DBaaS,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=pm_DBaaS,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ram_DBaaS,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ci_HadoopPOC,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ci_Hadoop_RangerPOC,cn=Products,ou=Groups,o=Liberty,o=intranet],
 FirstName=[XXXXXX], PhoneNumber=[], LastName=[XXXXXXXXX], CustomerId=[], 
EmailAddress=[[email protected]]} | roles: [] | permissions: [] | 
isRemembered: false |
2016-07-22 13:16:27,818 DEBUG session.KnoxSessionStore 
(KnoxSessionStore.java:get(90)) - Get from session: pac4jRequestedUrl = null
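
The symptom reported above can be picked out of a KnoxSessionStore debug log mechanically. The following is an added example, not part of the original report or of Apache Knox: the function names and the host knox.example.test are assumptions, and the sample log is constructed in the format quoted in the report.

```python
import re

# Constructed sample in the format quoted in the report (placeholder host,
# entries wrapped across lines the way the e-mail wrapped them).
SAMPLE_LOG = """\
2016-07-22 13:16:16,180 DEBUG session.KnoxSessionStore
(KnoxSessionStore.java:get(90)) - Get from session: pac4jUserProfile = null
2016-07-22 13:16:16,180 DEBUG session.KnoxSessionStore
(KnoxSessionStore.java:set(105)) - Save in session: pac4jRequestedUrl =
https://knox.example.test:8445/gateway/knoxsso2/webhdfs/v1/?op=LISTSTATUS
2016-07-22 13:16:16,268 DEBUG session.KnoxSessionStore
(KnoxSessionStore.java:set(105)) - Save in session: samlRelayState =
2016-07-22 13:16:27,818 DEBUG session.KnoxSessionStore
(KnoxSessionStore.java:get(90)) - Get from session: pac4jRequestedUrl = null
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
EVENT = re.compile(r"^(\S+ \S+) DEBUG session\.KnoxSessionStore \S+ - "
                   r"(Save in|Get from) session: (\S+) =\s?(.*)$")

def unwrap(text):
    """Re-join log entries that were wrapped across several lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) or not entries:
            entries.append(line)          # a timestamp starts a new entry
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def lost_values(text):
    """Return (timestamp, key, last_saved) for every read that came back null
    although the most recent save of that key stored a real value.
    The log carries no session id, so a hit is a lead, not proof."""
    saved, findings = {}, []
    for entry in unwrap(text):
        m = EVENT.match(entry)
        if not m:
            continue
        ts, op, key, value = m.groups()
        if op == "Save in":
            saved[key] = value
        elif value == "null" and saved.get(key) not in (None, "", "null"):
            findings.append((ts, key, saved[key]))
    return findings
```

Reads of keys that were never saved, such as the first pac4jUserProfile lookup, are not reported; only a key whose last save held a value and whose later read returned null is.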



