[jira] [Commented] (AMBARI-20839) When HTTPS is enabled, Log search authenication does not work for non log search admin users

Tue, 02 May 2017 09:05:22 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-20839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15993157#comment-15993157
 ] 

Keta Patel commented on AMBARI-20839:
-------------------------------------

Hello Oliver,
I would like to have your input on this defect. I have used the tried and 
tested steps while configuring HTTPS for ambari-server:
1. enable HTTPS using **ambari-server setup-security** option#1
2. Setup TrustStore for ambari-server using option#4
3. Import the self-signed certificate using option#5

When using HTTPS enabled ambari-server with Logsearch, which still uses HTTP 
protocol, I am able to see the logs in the Host->Logs tab, and the Logsearch UI 
succressfully loads the login page. At this point, the issue mentioned in the 
description of this Jira, i.e. only the Logsearch admin is able to successfully 
log into the Logsearch UI, can be seen. For all the other ambari users, invalid 
user/password error is displayed. The error happens when the 
LogsearchAuthenticationProvider tests the username/password using the 
**EXTERNAL_AUTH** method. In this case, it fails to make a successful 
ExternalServerClient.sendGETRequest() call. I suspect that the SSLUtil class 
fails to load the SSLContext because of which the subsequent calls fail to 
connect to the ambari-server successfully. 
Is it necessary to enable Logsearch SSL for this?
I tried enabling SSL for Logsearch-portal, Logsearch-logfeeder, but when I 
update the Logsearch protocol to **https**, the Host->Logs tab won't show any 
logs and even the Logsearch UI fails to load.
I used the following links to setup SSL for Logsearch:
https://community.hortonworks.com/articles/90621/log-search-and-ssl.html
https://community.hortonworks.com/articles/75476/how-to-enable-ssl-for-logsearch-and-update-logsera.html

It would be helpful if you could share your view on this issue.
Thank you,
Keta Patel

> When HTTPS is enabled, Log search authenication does not work for non log 
> search admin  users 
> ----------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-20839
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20839
>             Project: Ambari
>          Issue Type: Bug
>          Components: logsearch
>    Affects Versions: 2.4.0
>            Reporter: Tuong Truong
>            Assignee: Keta Patel
>
> When HTTPS is enabled,  only the configured Log Search admin user can log 
> into Log Search UI.  All others users are not able to log into Log Search UI 
> regardless of how Log Search is configured with respect to role permission..



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to