Hi Jerome/Sandeep,
Azure AD does support query parameters in the Reply URL for Azure app
registration, whereas in v2 with microsoft app registration portal, it does
not.
However, even in the first case where it allows the parameters during
configuration, it does not honor them by sending it back
Hello Jérôme
You are right about the client_name and pac4JCallback parameters.
I do not think this is because of misconfiguration, the issue in this case
is that Azure AD does not support query params in the callback URLs.
Best,
Sandeep
On Mon, Feb 26, 2018 at 1:42 AM, Jérôme LELEU
Hi,
The callback URL sent by the IdP does not have the client_name parameter,
nor the pac4jCallback parameter (the parameter has changed between
versions).
So the callback is not properly detected and an authentication is tried
over and over again.
So I guess there is a misconfiguration on the
So, it seems that OidcClient and Auth0 is working but AAD and Google are
not.
While I've never tested AAD, I have tested Google so there may be a
regression there.
I notice that there are specific clients for both AzureAd and Google now -
see:
Yes, you are right.
I tested again the pac4j provider with client as "testBasicAuth". This
works perfectly and I noticed that pac4j provides a "hadoop-jwt" token at
the last step to the SSO, and then its able to get the results for the
original URL.
I also tested pac4j with basicAuth and
Hi Colm -
Thanks for trying to reproduce.
Starting to get concerned about a regression
I see that you are using localhost - that will definitely present problems
for Set-Cookie with some browsers.
I know that Chrome will not accept it for sure.
Can you switch to a full domain name?
I
I can reproduce the issue with Google. From the logs I see the following:
2018-02-19 17:21:58,484 DEBUG session.KnoxSessionStore
(KnoxSessionStore.java:get(91)) - Get from session: pac4jRequestedUrl =
No, the hadoop-jwt cookie is for KnoxSSO and the SSOCookieProvider.
If it isn't being set, it could be that it isn't getting past the pac4j
federation provider to the KnoxSSO service itself because there is a
redirect from the pac4j provider or the Set-Cookie just isn't being
accepted by the
Hello Sandeep,
Sorry, that was an incomplete post earlier.
*myCluster.topology:*
1.
2.
3.
4. webappsec
5. WebAppSec
6. true
7.
cors.enabled
It looks like you may be using ip addresses for your Knox URLs - to webhdfs.
In order to rule out cookie related issue can you do a couple things:
1. check whether a cookie called hadoop-jwt is actually set in your browser
2. if not, you may want to set an actual domain in your /etc/hosts or
Hello Nisha,
Can you share details of "mycluster" topology ? also, can you turn up the
logs to debug and share them along with the audit log that would help us to
understand the problem better.
Best,
Sandeep
On Fri, Feb 16, 2018 at 3:16 AM, Nisha Menon
wrote:
> Hello,
11 matches
Mail list logo