PRAVEEN K RAVIKUMAR created KNOX-1388:
-----------------------------------------

             Summary: Enable SAML authentication in Knox
                 Key: KNOX-1388
                 URL: https://issues.apache.org/jira/browse/KNOX-1388
             Project: Apache Knox
          Issue Type: Task
          Components: KnoxSSO
            Reporter: PRAVEEN K RAVIKUMAR


Hi,
 
I'm Praveen. I'm working to enable SAML authentication in Apache Knox for our 
client. Currently I'm facing a few issues after setting up the SSO-related config in 
Knox.
 
On accessing the YarnUI after starting the gateway, the browser gets redirected 
to the Identity Provider URL -> asks for the login credentials -> on submitting, 
the user gets authenticated, but the application lands on 
https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 and throws a page-not-found 
error.
 
I'm seeing the SAML request being sent and the SAML response being received, but it 
lands on an invalid page after authentication. I'm unable to figure out which 
page to land on after authentication.
 
 
Our client uses the PingFederate Identity Provider.
Listed below are the configurations that were set up; screenshots are also attached for 
better understanding.
 
IDP -> Config
-------------
Entity ID - 
https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client
TargetURL - https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 (I'm 
not sure the target URL is valid; I suspect the page is getting redirected to 
this link after auth)
 
KnoxSSO.xml
------------
<topology>
   <gateway>
     <provider>
         <role>federation</role>
         <name>pac4j</name>
         <enabled>true</enabled>
         <param>
           <name>pac4j.callbackUrl</name>
           <value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
         </param>
 
         <param>
           <name>clientName</name>
           <value>SAML2Client</value>
         </param>
 
         <param>
           <name>saml.identityProviderMetadataPath</name>
           <value>/tmp/preprod_metadata_SP.xml</value>
         </param>
 
         <param>
           <name>saml.serviceProviderMetadataPath</name>
           <value>/tmp/preprod_metadata_SP.xml</value>
         </param>
 
         <param>
           <name>saml.serviceProviderEntityId</name>
           <value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&amp;client_name=SAML2Client</value>
         </param>
     </provider>
     <provider>
         <role>identity-assertion</role>
         <name>Default</name>
         <enabled>true</enabled>
     </provider>
   </gateway>
 
   <service>
      <role>KNOXSSO</role>
      <param>
         <name>knoxsso.cookie.secure.only</name>
         <value>true</value>
      </param>
      <param>
         <name>knoxsso.token.ttl</name>
         <value>100000</value>
      </param>
      <param>
         <name>knoxsso.redirect.whitelist.regex</name>
         <value>^https?:\/\/(emr-knox-webui-dev\.us-west-2\.elb\.amazonaws\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
      </param>
   </service>
</topology>
 
 
gate1.xml
---------
<?xml version="1.0" encoding="utf-8"?>
<topology>
  <gateway>
    <provider>
        <role>federation</role>
        <name>SSOCookieProvider</name>
        <enabled>true</enabled>
        <param>
            <name>sso.authentication.provider.url</name>
            <value>https://emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
        </param>
    </provider>
    <provider>
        <role>identity-assertion</role>
        <name>Default</name>
        <enabled>true</enabled>
    </provider>
  </gateway>
  <service>
      <role>YARNUI</role>
      <url>http://ip-10-89-71-228.vpc.internal:8088</url>
  </service>
</topology>
 
Could you please help me with this? It would be very helpful to proceed further.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
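Added example (not part of the report or of Knox): a small consistency check over the two topologies quoted above. It extracts the pac4j callback URL, the SSOCookieProvider URL and the redirect whitelist, and reports when the gateway hosts disagree or when a return URL on one of those hosts would not pass the whitelist. The XML constants are constructed, trimmed copies of the posted files; the sample originalUrl path is an assumption.

```python
import re
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

# Constructed, trimmed copy of KnoxSSO.xml as posted (hosts and regex unchanged).
KNOXSSO_XML = r"""<topology><gateway><provider><role>federation</role><name>pac4j</name>
<param><name>pac4j.callbackUrl</name>
<value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value></param>
</provider></gateway><service><role>KNOXSSO</role>
<param><name>knoxsso.redirect.whitelist.regex</name>
<value>^https?:\/\/(emr-knox-webui-dev\.us-west-2\.elb\.amazonaws\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
</param></service></topology>"""

# Constructed, trimmed copy of gate1.xml as posted (note the different ELB hostname).
GATE1_XML = """<topology><gateway><provider><role>federation</role><name>SSOCookieProvider</name>
<param><name>sso.authentication.provider.url</name>
<value>https://emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
</param></provider></gateway></topology>"""


def param(root, name):
    """Return the <value> of the named <param> anywhere in a topology, or None."""
    for p in root.iter("param"):
        if p.findtext("name") == name:
            return p.findtext("value")
    return None


def check_sso_topologies(knoxsso_xml, gate_xml):
    """Cross-check the KnoxSSO and protected topologies; return a list of findings."""
    sso, gate = ET.fromstring(knoxsso_xml), ET.fromstring(gate_xml)
    callback = urlparse(param(sso, "pac4j.callbackUrl"))
    provider = urlparse(param(gate, "sso.authentication.provider.url"))
    whitelist = re.compile(param(sso, "knoxsso.redirect.whitelist.regex"))
    findings = []
    # Browser cookies are host-scoped unless a domain suffix is configured, so the
    # host users are sent to for SSO should be the host pac4j calls back on.
    if callback.netloc != provider.netloc:
        findings.append(f"host mismatch: callback {callback.netloc} vs provider {provider.netloc}")
    # Any gateway host a user can return to must be accepted by the redirect whitelist
    # (hypothetical originalUrl path on each host).
    for label, u in (("callback", callback), ("provider", provider)):
        original_url = f"{u.scheme}://{u.netloc}/gateway/gate1/yarn/"
        if not whitelist.match(original_url):
            findings.append(f"whitelist rejects originalUrl on {label} host: {original_url}")
    return findings


if __name__ == "__main__":
    for finding in check_sso_topologies(KNOXSSO_XML, GATE1_XML):
        print(finding)
```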
