[
https://issues.apache.org/jira/browse/KNOX-1388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Risden closed KNOX-1388.
------------------------------
> Enable SAML authentication in Knox
> ----------------------------------
>
> Key: KNOX-1388
> URL: https://issues.apache.org/jira/browse/KNOX-1388
> Project: Apache Knox
> Issue Type: Task
> Components: KnoxSSO
> Reporter: PRAVEEN K RAVIKUMAR
> Priority: Major
>
> Hi,
>
> I'm Praveen. I'm working to enable SAML authentication in Apache Knox for our
> client. Currently I'm facing a few issues after setting up SSO-related config
> in Knox.
>
> On accessing the YarnUI after starting the gateway, the browser gets
> redirected to the identity provider URL -> asks for the login credentials ->
> on submitting, the user is getting authenticated, but the application lands
> on https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 and
> throws a page-not-found error.
>
> I'm seeing the SAML request sent and the SAML response received, but it
> lands on an invalid page after authentication. I'm unable to figure out
> the page to land on after authentication.
>
>
> Our client uses: Ping Federate identity provider.
> Listed below are the configurations set up; screenshots are also attached for
> better understanding.
>
> IDP -> Config
> -------------
> Entity ID -
> https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client
> TargetURL - https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446 (I'm
> not sure the target URL is valid; I suspect the page is getting redirected to
> this link after auth)
>
> KnoxSSO.xml
> ------------
> <topology>
>   <gateway>
>     <provider>
>       <role>federation</role>
>       <name>pac4j</name>
>       <enabled>true</enabled>
>       <param>
>         <name>pac4j.callbackUrl</name>
>         <value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
>       </param>
>
>       <param>
>         <name>clientName</name>
>         <value>SAML2Client</value>
>       </param>
>
>       <param>
>         <name>saml.identityProviderMetadataPath</name>
>         <value>/tmp/preprod_metadata_SP.xml</value>
>       </param>
>
>       <param>
>         <name>saml.serviceProviderMetadataPath</name>
>         <value>/tmp/preprod_metadata_SP.xml</value>
>       </param>
>
>       <param>
>         <name>saml.serviceProviderEntityId</name>
>         <value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso?pac4jCallback=true&amp;client_name=SAML2Client</value>
>       </param>
>     </provider>
>     <provider>
>       <role>identity-assertion</role>
>       <name>Default</name>
>       <enabled>true</enabled>
>     </provider>
>   </gateway>
>
>   <service>
>     <role>KNOXSSO</role>
>     <param>
>       <name>knoxsso.cookie.secure.only</name>
>       <value>true</value>
>     </param>
>     <param>
>       <name>knoxsso.token.ttl</name>
>       <value>100000</value>
>     </param>
>     <param>
>       <name>knoxsso.redirect.whitelist.regex</name>
>       <value>^https?:\/\/(emr-knox-webui-dev\.us-west-2\.elb\.amazonaws\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
>     </param>
>   </service>
> </topology>
>
>
> gate1.xml
> ---------
> <?xml version="1.0" encoding="utf-8"?>
> <topology>
>   <gateway>
>     <provider>
>       <role>federation</role>
>       <name>SSOCookieProvider</name>
>       <enabled>true</enabled>
>       <param>
>         <name>sso.authentication.provider.url</name>
>         <value>https://emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value>
>       </param>
>     </provider>
>     <provider>
>       <role>identity-assertion</role>
>       <name>Default</name>
>       <enabled>true</enabled>
>     </provider>
>   </gateway>
>   <service>
>     <role>YARNUI</role>
>     <url>http://ip-10-89-71-228.vpc.internal:8088</url>
>   </service>
> </topology>
>
> Could you please help me with this? It would be very helpful to proceed further.
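
A consistency check over the two topologies quoted above, as an added example that is not part of the original report or of Apache Knox. It flags settings that disagree with each other: the two SAML metadata paths, the two load-balancer hostnames, and start URLs that the redirect whitelist does not match. Assumptions: the sample XML is reduced from the report, the candidate URLs and their `/gateway/gate1/yarn/` path are hypothetical, and Python's `re` stands in for the Java regex engine Knox uses.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples: only the <param> entries from the report that are checked here.
KNOXSSO_XML = r"""<topology><gateway><provider>
<param><name>pac4j.callbackUrl</name><value>https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value></param>
<param><name>saml.identityProviderMetadataPath</name><value>/tmp/preprod_metadata_SP.xml</value></param>
<param><name>saml.serviceProviderMetadataPath</name><value>/tmp/preprod_metadata_SP.xml</value></param>
</provider></gateway><service><role>KNOXSSO</role>
<param><name>knoxsso.redirect.whitelist.regex</name><value>^https?:\/\/(emr-knox-webui-dev\.us-west-2\.elb\.amazonaws\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value></param>
</service></topology>"""

GATE1_XML = """<topology><gateway><provider>
<param><name>sso.authentication.provider.url</name><value>https://emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com:8446/gateway/knoxsso/api/v1/websso</value></param>
</provider></gateway></topology>"""

def params(xml_text):
    """Map every <param> name to its value, whichever provider or service holds it."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name"): (p.findtext("value") or "").strip() for p in root.iter("param")}

def review(sso_xml, app_xml, original_urls):
    """Return (code, detail) findings for settings that disagree with each other."""
    sso, app = params(sso_xml), params(app_xml)
    findings = []
    idp = sso.get("saml.identityProviderMetadataPath")
    sp = sso.get("saml.serviceProviderMetadataPath")
    if idp and idp == sp:  # IdP and SP metadata configured as the same file
        findings.append(("same-metadata-file", idp))
    cb_host = urlsplit(sso.get("pac4j.callbackUrl", "")).hostname
    sso_host = urlsplit(app.get("sso.authentication.provider.url", "")).hostname
    if cb_host != sso_host:  # the two topologies name different KnoxSSO hosts
        findings.append(("sso-host-mismatch", f"{cb_host} != {sso_host}"))
    whitelist = re.compile(sso.get("knoxsso.redirect.whitelist.regex", "^$"))
    for url in original_urls:  # URLs the browser would be sent back to after login
        if not whitelist.match(url):
            findings.append(("not-whitelisted", url))
    return findings

# Hypothetical start URLs (the /gateway/gate1/yarn/ path is an assumption).
CANDIDATES = [
    "https://emr-knox-webui-dev.us-west-2.elb.amazonaws.com:8446/gateway/gate1/yarn/",
    "https://emr-knox-webui-dev-1021294088.us-west-2.elb.amazonaws.com:8446/gateway/gate1/yarn/",
]

if __name__ == "__main__":
    for code, detail in review(KNOXSSO_XML, GATE1_XML, CANDIDATES):
        print(f"{code}: {detail}")
```

The findings are points to review against the identity provider's settings, not a diagnosis of the landing-page error.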