[ https://issues.apache.org/jira/browse/KNOX-1388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16545811#comment-16545811 ]
PRAVEEN K RAVIKUMAR commented on KNOX-1388:
-------------------------------------------
Hi Larry,
As you suggested, I have posted my question to the dev@/users@ mailing lists.
Could you please have a look and let me know if you need any further
information?
Thanks,
Praveen.
On 7/13/18, 2:49 PM, "Larry McCay (JIRA)" <[email protected]> wrote:
[ https://issues.apache.org/jira/browse/KNOX-1388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16543773#comment-16543773 ]
Larry McCay commented on KNOX-1388:
-----------------------------------
No worries - I just want to make sure that you get proper eyes on your
questions.
I don't know that there is enough attached here either - you will likely
need to send logs.
I need to see the originalUrl query param set by the SSOCookieProvider when
redirecting to KnoxSSO for instance.
You will want to scrub the logs of any sensitive data like hostnames and
the like as well.
> Enable SAML authentication in Knox
> ----------------------------------
>
> Key: KNOX-1388
> URL: https://issues.apache.org/jira/browse/KNOX-1388
> Project: Apache Knox
> Issue Type: Task
> Components: KnoxSSO
> Reporter: PRAVEEN K RAVIKUMAR
> Priority: Major
>
> Hi,
>
> I'm Praveen. I'm working to enable SAML authentication in Apache Knox for our
> client. Currently I'm facing a few issues after setting up the SSO-related
> config in Knox.
>
> On accessing the YarnUI after starting the gateway, the browser gets
> redirected to the Identity Provider URL -> asks for the login credentials ->
> on submitting, the user gets authenticated, but the application lands on
> https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 and
> throws a page not found error.
>
> I'm seeing the SAML request sent and the SAML response received, but it
> lands on an invalid page after authentication. I'm unable to figure out
> the page to land on after authentication.
>
>
> Our client uses: Ping Federate identity provider.
> Listed below are the configurations set up; screenshots are also attached for
> better understanding.
>
> IDP -> Config
> -------------
> Entity ID - https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client
> TargetURL - https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 (I'm
> not sure the target URL is valid; I suspect the page is getting redirected to
> this link after auth)
>
> KnoxSSO.xml
> ------------
> <topology>
>   <gateway>
>     <provider>
>       <role>federation</role>
>       <name>pac4j</name>
>       <enabled>true</enabled>
>       <param>
>         <name>pac4j.callbackUrl</name>
>         <value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
>       </param>
>
>       <param>
>         <name>clientName</name>
>         <value>SAML2Client</value>
>       </param>
>
>       <param>
>         <name>saml.identityProviderMetadataPath</name>
>         <value>/tmp/preprod_metadata_SP.xml</value>
>       </param>
>
>       <param>
>         <name>saml.serviceProviderMetadataPath</name>
>         <value>/tmp/preprod_metadata_SP.xml</value>
>       </param>
>
>       <param>
>         <name>saml.serviceProviderEntityId</name>
>         <value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&amp;client_name=SAML2Client</value>
>       </param>
>     </provider>
>     <provider>
>       <role>identity-assertion</role>
>       <name>Default</name>
>       <enabled>true</enabled>
>     </provider>
>   </gateway>
>
>   <service>
>     <role>KNOXSSO</role>
>     <param>
>       <name>knoxsso.cookie.secure.only</name>
>       <value>true</value>
>     </param>
>     <param>
>       <name>knoxsso.token.ttl</name>
>       <value>100000</value>
>     </param>
>     <param>
>       <name>knoxsso.redirect.whitelist.regex</name>
>       <value>^https?:\/\/(emr-knox-webui-dev\.us-west-2\.elb\.amazonaws\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
>     </param>
>   </service>
> </topology>
>
>
> gate1.xml
> ---------
> <?xml version="1.0" encoding="utf-8"?>
> <topology>
>   <gateway>
>     <provider>
>       <role>federation</role>
>       <name>SSOCookieProvider</name>
>       <enabled>true</enabled>
>       <param>
>         <name>sso.authentication.provider.url</name>
>         <value>https://emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
>       </param>
>     </provider>
>     <provider>
>       <role>identity-assertion</role>
>       <name>Default</name>
>       <enabled>true</enabled>
>     </provider>
>   </gateway>
>   <service>
>     <role>YARNUI</role>
>     <url>http://ip-10-89-71-228.vpc.internal:8088</url>
>   </service>
> </topology>
>
> Could you please help me with this? It would be very helpful to proceed further.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
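
Added example (not part of the original thread and not Knox code): a Python check that pulls the originalUrl query parameter out of a redirect to KnoxSSO, tests it against the knoxsso.redirect.whitelist.regex value quoted above, and masks hostnames before a log line is shared. The redirect targets and the /gateway/gate1/yarn/ path are constructed; treating the whitelist value as a single expression and using re.fullmatch in place of Knox's own Java matching are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# knoxsso.redirect.whitelist.regex value as quoted in KnoxSSO.xml on this page.
WHITELIST = (r"^https?:\/\/(emr-knox-webui-dev\.us-west-2\.elb\.amazonaws\.com"
             r"|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$")

# Constructed redirect targets (not taken from real logs). The two hostnames
# are the ones that appear in KnoxSSO.xml and gate1.xml; the
# /gateway/gate1/yarn/ path is an assumed example of a proxied YARN UI URL.
SSO = "/gateway/knoxsso/api/v1/websso?originalUrl="
HOST_A = "emr-knox-webui-dev.us-west-2.elb.amazonaws.com"
HOST_B = "emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com"
REDIRECT_A = f"https://{HOST_A}:8446{SSO}https%3A%2F%2F{HOST_A}%3A8446%2Fgateway%2Fgate1%2Fyarn%2F"
REDIRECT_B = f"https://{HOST_B}:8446{SSO}https://{HOST_B}:8446/gateway/gate1/yarn/"


def original_url(redirect_location):
    """Return the decoded originalUrl query parameter, or None if absent."""
    values = parse_qs(urlsplit(redirect_location).query).get("originalUrl")
    return values[0] if values else None


def is_whitelisted(url, pattern=WHITELIST):
    """True only when the whole URL matches the whitelist expression."""
    return url is not None and re.fullmatch(pattern, url) is not None


def scrub_hosts(line):
    """Mask the host of every http(s) URL, keeping scheme, port and path."""
    return re.sub(r"(https?://)[^/:\s?&]+", r"\1<host>", unquote(line))


def check(redirect_location):
    """Return (scrubbed originalUrl, whitelisted?) for one redirect target."""
    url = original_url(redirect_location)
    return (scrub_hosts(url) if url else None, is_whitelisted(url))


if __name__ == "__main__":
    for location in (REDIRECT_A, REDIRECT_B):
        print(check(location))
```

The first constructed target uses the hostname the whitelist names and passes; the second uses the hostname from sso.authentication.provider.url in gate1.xml, which the whitelist expression as written does not cover.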