[
https://issues.apache.org/jira/browse/KNOX-1388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16543784#comment-16543784
]
PRAVEEN K RAVIKUMAR commented on KNOX-1388:
-------------------------------------------
Okay, sure. I will include all necessary details after scrubbing all sensitive
data and post it in the mailing list you mentioned.
Meanwhile, it would be a great help if you could share any sample Knox SSO configs
for SAML2 authentication. It would be very helpful for me to understand this
setup.
Thank you again, Larry.
Praveen.
Sent from my iPhone
> Enable SAML authentication in Knox
> ----------------------------------
>
> Key: KNOX-1388
> URL: https://issues.apache.org/jira/browse/KNOX-1388
> Project: Apache Knox
> Issue Type: Task
> Components: KnoxSSO
> Reporter: PRAVEEN K RAVIKUMAR
> Priority: Major
>
> Hi,
>
> I'm Praveen. I'm working to enable SAML authentication in Apache Knox for our
> client. Currently I'm facing a few issues after setting up SSO-related config
> in Knox.
>
> On accessing the YARN UI after starting the gateway, the browser gets
> redirected to the identity provider URL -> asks for the login credentials ->
> on submitting, the user is authenticated, but the application lands on
> https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 and throws a
> page not found error.
>
> I'm seeing the SAML request sent and the SAML response received, but it
> lands on an invalid page after authentication. I'm unable to figure out
> the page to land on after authentication.
>
>
> Our client uses the Ping Federate identity provider.
> Listed below are the configurations set up; screenshots are also attached for
> better understanding.
>
> IDP -> Config
> -------------
> Entity ID -
> https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client
> TargetURL - https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 (I'm
> not sure the target URL is valid; I suspect the page is getting redirected to
> this link after auth)
>
> KnoxSSO.xml
> ------------
> <topology>
> <gateway>
> <provider>
> <role>federation</role>
> <name>pac4j</name>
> <enabled>true</enabled>
> <param>
> <name>pac4j.callbackUrl</name>
> <value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
> </param>
>
> <param>
> <name>clientName</name>
> <value>SAML2Client</value>
> </param>
>
> <param>
> <name>saml.identityProviderMetadataPath</name>
> <value>/tmp/preprod_metadata_SP.xml</value>
> </param>
>
> <param>
> <name>saml.serviceProviderMetadataPath</name>
> <value>/tmp/preprod_metadata_SP.xml</value>
> </param>
>
> <param>
> <name>saml.serviceProviderEntityId</name>
> <value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&amp;client_name=SAML2Client</value>
> </param>
> </provider>
> <provider>
> <role>identity-assertion</role>
> <name>Default</name>
> <enabled>true</enabled>
> </provider>
> </gateway>
>
> <service>
> <role>KNOXSSO</role>
> <param>
> <name>knoxsso.cookie.secure.only</name>
> <value>true</value>
> </param>
> <param>
> <name>knoxsso.token.ttl</name>
> <value>100000</value>
> </param>
> <param>
> <name>knoxsso.redirect.whitelist.regex</name>
> <value>^https?:\/\/(emr-knox-webui-dev\.us-west-2\.elb\.amazonaws\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
> </param>
> </service>
> </topology>
>
>
> gate1.xml
> ---------
> <?xml version="1.0" encoding="utf-8"?>
> <topology>
> <gateway>
> <provider>
> <role>federation</role>
> <name>SSOCookieProvider</name>
> <enabled>true</enabled>
> <param>
> <name>sso.authentication.provider.url</name>
> <value>https://emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
> </param>
> </provider>
> <provider>
> <role>identity-assertion</role>
> <name>Default</name>
> <enabled>true</enabled>
> </provider>
> </gateway>
> <service>
> <role>YARNUI</role>
> <url>http://ip-10-89-71-228.vpc.internal:8088</url>
> </service>
> </topology>
>
> Could you please help me with this? It would be very helpful to proceed further.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
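As an added consistency check (this is example code, not Knox's own code and not part of the issue above): a small Python script that parses the KnoxSSO.xml params posted in the issue and tests the knoxsso.redirect.whitelist.regex against the originalUrl a browser would carry when it reaches the gate1 topology through the host named in sso.authentication.provider.url. It assumes the YARN UI is served under /gateway/gate1/yarn/ and that Knox applies the whitelist as a full-string regex match; the entity-id param is left out of the constructed input because its raw `&` is not valid XML.

```python
import re
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

# Constructed test input: the relevant <param>s transcribed from the posted KnoxSSO.xml.
KNOXSSO_XML = r"""<topology>
  <gateway><provider><role>federation</role><name>pac4j</name><enabled>true</enabled>
    <param><name>pac4j.callbackUrl</name><value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value></param>
    <param><name>saml.identityProviderMetadataPath</name><value>/tmp/preprod_metadata_SP.xml</value></param>
    <param><name>saml.serviceProviderMetadataPath</name><value>/tmp/preprod_metadata_SP.xml</value></param>
  </provider></gateway>
  <service><role>KNOXSSO</role>
    <param><name>knoxsso.redirect.whitelist.regex</name><value>^https?:\/\/(emr-knox-webui-dev\.us-west-2\.elb\.amazonaws\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value></param>
  </service>
</topology>"""

# sso.authentication.provider.url from the posted gate1.xml (note the different ELB host name).
GATE1_SSO_PROVIDER_URL = ("https://emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com:8446"
                          "/gateway/knoxsso/api/v1/websso")


def topology_params(xml_text):
    """Flatten every <param> in a topology into a name -> value dict."""
    return {p.findtext("name"): p.findtext("value") for p in ET.fromstring(xml_text).iter("param")}


def is_whitelisted(url, regex):
    """Assumed approximation of the full-string match KnoxSSO applies to originalUrl."""
    return re.fullmatch(regex, url) is not None


def check_sso_consistency(knoxsso_xml, sso_provider_url, landing_path="/gateway/gate1/yarn/"):
    """Return the findings a reviewer would raise about this KnoxSSO.xml / gate1.xml pair."""
    p = topology_params(knoxsso_xml)
    findings = []
    # pac4j writes generated SP metadata to serviceProviderMetadataPath, so pointing
    # both IdP and SP metadata at one file is almost certainly a misconfiguration.
    if p["saml.identityProviderMetadataPath"] == p["saml.serviceProviderMetadataPath"]:
        findings.append("idp-and-sp-metadata-same-file")
    callback_host = urlsplit(p["pac4j.callbackUrl"]).netloc
    sso_host = urlsplit(sso_provider_url).netloc
    if callback_host != sso_host:
        findings.append("sso-provider-host-differs-from-pac4j-callback-host")
    # The originalUrl KnoxSSO is asked to return to carries the host the browser actually used.
    original_url = "https://%s%s" % (sso_host, landing_path)
    if not is_whitelisted(original_url, p["knoxsso.redirect.whitelist.regex"]):
        findings.append("original-url-rejected-by-whitelist:" + original_url)
    return findings


if __name__ == "__main__":
    for finding in check_sso_consistency(KNOXSSO_XML, GATE1_SSO_PROVIDER_URL):
        print(finding)
```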