Dear all, We are using Zeppelin 0.8.2 as our Data scientist notebook. We configure the Zeppelin notebook to use CAS authentication.
Our configuration in shiro.ini is: [main] sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager securityManager.sessionManager = $sessionManager securityManager.sessionManager.globalSessionTimeout = 86400000 casFilter = org.apache.shiro.cas.CasFilter casFilter.failureUrl = /error.jsp casRealm = org.apache.shiro.cas.CasRealm casRealm.defaultRoles = ROLE_USER casRealm.casServerUrlPrefix = https://ourCasServer:453/iam casRealm.casService = https://OurServer:8443/notebook/api/shiro-cas casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory securityManager.subjectFactory = $casSubjectFactory shiro.loginUrl = https://ourCasServer:453/iam/login?service=https://OurServer:8443/notebook/api/shiro-cas cookie = org.apache.shiro.web.servlet.SimpleCookie cookie.name = ZEPPELIN-BDS-ID cookie.secure = true cookie.httpOnly = true sessionManager.sessionIdCookie = $cookie [urls] # anon means the access is anonymous. # authcBasic means Basic Auth Security # To enfore security, comment the line below and uncomment the next one /api/login = casFilter /api/version = anon /api/shiro-cas = casFilter /api/** = user /notebook = casFilter /protected/** = roles[ROLE_USER] After login, the URL is added with the JSESSIONID that leads to a failing load of the Zeppelin web UI (https://OurServer:8443/notebook/;JSESSIONID=the_session_id#/) Our question is: Is it possible to configure shiro.ini to not add this JSESSIONID in the URL after login? Best regards Tien Dat PHAN
