Hi Jerome. PFA the logs after enabling the pac4j logs. Hope this helps.
Regards Nisha On Tue, Feb 20, 2018 at 7:50 PM, Jérôme LELEU <lel...@gmail.com> wrote: > Hi, > > Logs look good in pac4j. Redirecting to the identity provider and then > coming back to the gateway. Maybe the user identity is not properly > created... > > Can you turn on DEBUG logs on org.pac4j and org.apache.knox.gateway.pac4j? > > Thanks. > Best regards, > Jérôme > > > On Mon, Feb 19, 2018 at 6:49 PM, Colm O hEigeartaigh <cohei...@apache.org> > wrote: > >> I can reproduce the issue with Google. From the logs I see the following: >> >> 2018-02-19 17:21:58,484 DEBUG session.KnoxSessionStore >> (KnoxSessionStore.java:get(91)) - Get from session: pac4jRequestedUrl = >> https://localhost:8443/gateway/knoxssopac4j/api/v1/websso? >> originalUrl=https://localhost:8443/gateway/sandbox-ssopac4j/ >> webhdfs/v1/data/LICENSE.txt?op=OPEN >> 2018-02-19 17:21:58,485 DEBUG session.KnoxSessionStore >> (KnoxSessionStore.java:set(107)) - Save in session: pac4jRequestedUrl = >> null >> 2018-02-19 17:21:58,485 DEBUG engine.DefaultCallbackLogic >> (DefaultCallbackLogic.java:redirectToOriginallyRequestedUrl(137)) - >> redirectUrl: https://localhost:8443/gateway/knoxssopac4j/api/v1/websso? >> originalUrl=https://localhost:8443/gateway/sandbox-ssopac4j/ >> webhdfs/v1/data/LICENSE.txt?op=OPEN >> 2018-02-19 17:21:58,488 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) >> - Received request: GET /api/v1/websso >> >> It is getting an access token correctly and trying to redirect back to >> the original URL. However from the logs above it seems to never hit the >> original URL but instead hits the "redirectUrl". Is some parsing supposed >> to take place to extract "originalUrl" from the "pac4jRequestedUrl" >> parameter and redirect to this instead? >> >> Colm. >> >> On Mon, Feb 19, 2018 at 4:16 PM, larry mccay <lmc...@apache.org> wrote: >> >>> No, the hadoop-jwt cookie is for KnoxSSO and the SSOCookieProvider. >>> If it isn't being set, it could be that it isn't getting past the pac4j >>> federation provider to the KnoxSSO service itself because there is a >>> redirect from the pac4j provider or the Set-Cookie just isn't being >>> accepted by the browser. >>> >>> The audit log does seem to be getting a redirect from pac4j. >>> >>> I haven't seen any examples of it working AAD - so we are in unchartered >>> waters here. >>> >>> @Jerome - any insights? >>> >>> On Mon, Feb 19, 2018 at 2:04 AM, Nisha Menon <nisha.meno...@gmail.com> >>> wrote: >>> >>>> Hello Larry, >>>> >>>> hadoop-jwt cookie is not set. Isnt this for JWT provider? >>>> In SSO provider with pac4j, I can see cookies like: >>>> pac4j.session.pac4jRequestedUrl, pac4j.session.oidcStateAttribute, >>>> pac4j.session.oidcNonceAttribute etc. >>>> >>>> IP address and hostnames are mapped, else the *basic auth* also would >>>> have failed. >>>> My issue is only when I use pac4j with Oidc client and Azure AD. >>>> >>>> On Fri, Feb 16, 2018 at 10:11 PM, larry mccay <lmc...@apache.org> >>>> wrote: >>>> >>>>> It looks like you may be using ip addresses for your Knox URLs - to >>>>> webhdfs. >>>>> In order to rule out cookie related issue can you do a couple things: >>>>> >>>>> 1. check whether a cookie called hadoop-jwt is actually set in your >>>>> browser >>>>> 2. if not, you may want to set an actual domain in your /etc/hosts or >>>>> something that you can reference - I use www.local.com to map to >>>>> localhost >>>>> >>>>> I think that ip address should work for this case actually but there >>>>> are differences in browsers that might not let it. >>>>> Also, if you had another service on another ip address, the browser >>>>> would not present the cookie - so this is good to be aware of anyway. >>>>> >>>>> On Fri, Feb 16, 2018 at 8:55 AM, Sandeep Moré <moresand...@gmail.com> >>>>> wrote: >>>>> >>>>>> Hello Nisha, >>>>>> Can you share details of "mycluster" topology ? also, can you turn up >>>>>> the logs to debug and share them along with the audit log that would help >>>>>> us to understand the problem better. >>>>>> >>>>>> Best, >>>>>> Sandeep >>>>>> >>>>>> On Fri, Feb 16, 2018 at 3:16 AM, Nisha Menon <nisha.meno...@gmail.com >>>>>> > wrote: >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> I have setup KNOX to connect with Azure AD using pac4j. >>>>>>> >>>>>>> However, after the authentication at Azure login page, it gets into >>>>>>> an infinite loop and does not give back the original REST call response. >>>>>>> >>>>>>> *Details:* >>>>>>> >>>>>>> 1. I try to access the original URL eg: >>>>>>> *https://x.x.2.3:8442/gateway/mycluster/webhdfs/v1/user?op=LISTSTATUS >>>>>>> <https://x.x.2.3:8442/gateway/mycluster/webhdfs/v1/user?op=LISTSTATUS>* >>>>>>> >>>>>>> 2. It redirects to *https://**login.microsoftonline.com >>>>>>> <http://login.microsoftonline.com/>* and asks for credentials. >>>>>>> >>>>>>> 3. After successful login at Azure login page, it redirects to >>>>>>> *http://x.x.2.3:8442/gateway/knoxsso/api/v1/websso >>>>>>> <http://x.x.2.3:8442/gateway/knoxsso/api/v1/websso>* with code, >>>>>>> session and state variables passed as below: >>>>>>> >>>>>>> *https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4k***********************LFFm7C9cIShE7nggAA&state=5dzTZBYhEVDBrA*****************GZRNfANGb5ls&session_state=42f2447b-621***********790eaa2d18 >>>>>>> <https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4k***********************LFFm7C9cIShE7nggAA&state=5dzTZBYhEVDBrA*****************GZRNfANGb5ls&session_state=42f2447b-621***********790eaa2d18>* >>>>>>> >>>>>>> 2. Following this call, it *again *calls the *login.microsoftonline.com >>>>>>> <http://login.microsoftonline.com/>* like below: >>>>>>> >>>>>>> *https://login.microsoftonline.com/f82969ba-b***********c1d0557a/oauth2/authorize?response_type=code&client_id=385*******3-a4bdceaa34&redirect_uri=https%3A%2F%2Fx.x.2.3%3A8442%2Fgateway%2Fknoxsso%2Fapi%2Fv1%2Fwebsso%3Fpac4jCallback%3Dtrue%26client_name%3DOidcClient≻ope=openid+profile+email&state=5dzTZBYhEVDBrAInao9VHDRd33uiRp-GZRNfANGb5ls&nonce=BvCUroM7_aKFjmbLYxaxbS0Mq9SJ8If0CUpITEGB-bw >>>>>>> <https://login.microsoftonline.com/f82969ba-b***********c1d0557a/oauth2/authorize?response_type=code&client_id=385*******3-a4bdceaa34&redirect_uri=https%3A%2F%2Fx.x.2.3%3A8442%2Fgateway%2Fknoxsso%2Fapi%2Fv1%2Fwebsso%3Fpac4jCallback%3Dtrue%26client_name%3DOidcClient%E2%89%BBope=openid+profile+email&state=5dzTZBYhEVDBrAInao9VHDRd33uiRp-GZRNfANGb5ls&nonce=BvCUroM7_aKFjmbLYxaxbS0Mq9SJ8If0CUpITEGB-bw>* >>>>>>> >>>>>>> After this, step 1 and 2 alternate several times and finally lands >>>>>>> up in "ERR_TOO_MANY_REDIRECTS"!!! >>>>>>> >>>>>>> This is my knoxsso.xml: >>>>>>> >>>>>>> >>>>>>> 1. <topology> >>>>>>> 2. <gateway> >>>>>>> 3. <provider> >>>>>>> 4. <role>webappsec</role> >>>>>>> 5. <name>WebAppSec</name> >>>>>>> 6. <enabled>true</enabled> >>>>>>> 7. >>>>>>> <param><name>xframe.options.enabled</name><value>true</value></param> >>>>>>> 8. </provider> >>>>>>> 9. <provider> >>>>>>> 10. <role>federation</role> >>>>>>> 11. <name>pac4j</name> >>>>>>> 12. <enabled>true</enabled> >>>>>>> 13. <param> >>>>>>> 14. <name>pac4j.callbackUrl</name> >>>>>>> 15. >>>>>>> <value>https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso</value> >>>>>>> 16. </param> >>>>>>> 17. <param> >>>>>>> 18. <name>clientName</name> >>>>>>> 19. <value>OidcClient</value> >>>>>>> 20. </param> >>>>>>> 21. <param> >>>>>>> 22. <name>oidc.id</name> >>>>>>> 23. >>>>>>> <value>385c2bc*****************2695eaa34</value> >>>>>>> 24. </param> >>>>>>> 25. <param> >>>>>>> 26. <name>oidc.secret</name> >>>>>>> 27. >>>>>>> <value>Y30wOwM88BY************vYmPp8KMyDY2W+o=</value> >>>>>>> 28. </param> >>>>>>> 29. <param> >>>>>>> 30. <name>oidc.discoveryUri</name> >>>>>>> 31. >>>>>>> <value>https://login.microsoftonline.com/f82969***********1d0557a/.well-known/openid-configuration</value> >>>>>>> 32. </param> >>>>>>> 33. </provider> >>>>>>> 34. <provider> >>>>>>> 35. <role>identity-assertion</role> >>>>>>> 36. <name>Default</name> >>>>>>> 37. <enabled>true</enabled> >>>>>>> 38. </provider> >>>>>>> 39. </gateway> >>>>>>> 40. <application> >>>>>>> 41. <name>knoxauth</name> >>>>>>> 42. </application> >>>>>>> 43. <service> >>>>>>> 44. <role>KNOXSSO</role> >>>>>>> 45. <param> >>>>>>> 46. <name>knoxsso.cookie.secure.only</name> >>>>>>> 47. <value>false</value> >>>>>>> 48. </param> >>>>>>> 49. <param> >>>>>>> 50. <name>knoxsso.token.ttl</name> >>>>>>> 51. <value>30000</value> >>>>>>> 52. </param> >>>>>>> 53. <param> >>>>>>> 54. <name>knoxsso.redirect.whitelist.regex</name> >>>>>>> 55. >>>>>>> <value>^https?:\/\/(dap-e0|x\.x\.2\.3|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$/value> >>>>>>> 56. </param> >>>>>>> 57. </service> >>>>>>> 58. </topology> >>>>>>> >>>>>>> I tried using response_type "id_token", enabling nonces, >>>>>>> knoxsso.secure to true, preferredJwsAlgorithm as RS256 etc. Nothing >>>>>>> helps. >>>>>>> >>>>>>> gateway-audit.log when redirection error starts: >>>>>>> >>>>>>> >>>>>>> 1. 18/02/15 12:38:02 >>>>>>> ||7a66725e-6d9d-4ef5-9017-2b52d7d15ccf|audit|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4kmS_a**********************_WuZRkgVKneLpp83HnSlcntEbAmAgAA&state=0n7h1Y2LTz_**************99P92pZonRN-c&session_state=f0ac55a1-4***********-53e3e126b40e|success|Response >>>>>>> status: 302 >>>>>>> >>>>>>> It clearly shows Response status as "302" and not "200". This leads >>>>>>> to redirection! >>>>>>> >>>>>>> What could I be missing here? Any pointers will be greatly >>>>>>> appreciated. >>>>>>> Regards >>>>>>> Nisha >>>>>>> >>>>>>> >>>>>> >>>>> Regards >>>> Nisha >>>> >>> >>> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > >
2018-02-21 03:37:58,813 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /webhdfs/v1/user 2018-02-21 03:37:58,875 DEBUG federation.jwt (SSOCookieFederationFilter.java:doFilter(109)) - Sending redirect to: https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?originalUrl=https://x.x.2.3:8442/gateway/myCluster/webhdfs/v1/user?op=LISTSTATUS 2018-02-21 03:37:59,207 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /api/v1/websso 2018-02-21 03:37:59,297 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(99)) - url: https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?originalUrl=https://x.x.2.3:8442/gateway/myCluster/webhdfs/v1/user?op=LISTSTATUS 2018-02-21 03:37:59,298 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(100)) - matcherName: null 2018-02-21 03:37:59,298 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(105)) - clientName: OidcClient 2018-02-21 03:37:59,300 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(107)) - currentClients: [<OidcClient> | name: OidcClient |] 2018-02-21 03:37:59,300 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(110)) - useSession: true 2018-02-21 03:37:59,302 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session: pac4jUserProfile = null 2018-02-21 03:37:59,303 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(113)) - profile: null 2018-02-21 03:37:59,304 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(149)) - Starting authentication 2018-02-21 03:37:59,304 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:saveRequestedUrl(180)) - requestedUrl: https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?originalUrl=https://x.x.2.3:8442/gateway/myCluster/webhdfs/v1/user?op=LISTSTATUS 2018-02-21 03:37:59,304 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: pac4jRequestedUrl = https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?originalUrl=https://x.x.2.3:8442/gateway/myCluster/webhdfs/v1/user?op=LISTSTATUS 2018-02-21 03:37:59,496 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session: OidcClient$attemptedAuthentication = null 2018-02-21 03:37:59,898 WARN client.OidcClient (OidcClient.java:internalInit(309)) - Preferred token endpoint Authentication method: null not available. Defaulting to: client_secret_post 2018-02-21 03:37:59,916 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: oidcStateAttribute = M_RUvnYkxz_rT7oHLtJ7dZ3N1aAwBWCIonP393Kwsvk 2018-02-21 03:37:59,940 DEBUG client.OidcClient (OidcClient.java:retrieveRedirectAction(383)) - Authentication request url : https://login.microsoftonline.com/f82969ba-b995-4d80-8bfa-fd22c1d0557a/oauth2/authorize?response_type=code&client_id=385c2bca-5824-4993-a4bd-6c32695eaa34&redirect_uri=https%3A%2F%2Fx.x.2.3%3A8442%2Fgateway%2Fknoxsso%2Fapi%2Fv1%2Fwebsso%3Fpac4jCallback%3Dtrue%26client_name%3DOidcClient&scope=openid+profile+email&state=M_RUvnYkxz_rT7oHLtJ7dZ3N1aAwBWCIonP393Kwsvk 2018-02-21 03:38:40,238 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /api/v1/websso 2018-02-21 03:38:40,240 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(99)) - url: https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4kmS_aKT5XrjzxRAtHznu5LnYpksFVTUu8MZUVSPlboBOS71p8M7sOfhmSpxdFcSqJeJM0x6hZyMKUUmIWNX1OdKWfRRK7n5nM7BUyzoUMrVsmK6laM-rrDgp35mwB01lWx3RWnxl9OJe69lif729FxcQK7-tQy49-fo5LTGfK7lot4D8xpwisXMCTEJX2Rn17tGtBsUU3ksdNGSRoMQHUI6DRCTMu2Lc14OSvrD0XMaFH1cbLNG-IOFmJZPDOoJF9MgsarwVyaGa7P5PReuf5-lNqXNhwGB7fJ6qpR4BrM4sWAD8DrGD84MMVs9wc5CfLr_By6WcRdkoKn5abGi9GZHjLOc2nfdUTQMEAVJxaQ4FzjPaP6mVHI09Ur2yyGzB_p5dhbY5ERFxHdoktQ2st2473ymDIZQcFXbe2FJ096beaity033Z9ua7JCZw3VbSVX0S26mK18x57aZr4eRc7VvCUeRxHMk2ohF6vgsQ9iLWYb75c5Ab6rWInIdY_edR8PGsV2ljJEKb99CpWqJhvH8k4k9YyjIxgPv_vwVwYjAD3uEYXzAhfH35EoIJifrLs2MB8zkX365tv7Wa71FDaf2fhnPsbHuR8jkT-Ha-t5tIhoEpmksUk66g7MnYILKhN1DSDQpObOaUEDr1mHkteGRJbrGhI2KQLDlqP55vux9P9e9E1p9QGyhohpxnAEO2u41y_NcB7EMiZbIxcjLRlo8ml3sE6j0P9k_n5rhJsTyfnSNZf_D2JMeyw2Z9UgAA&state=M_RUvnYkxz_rT7oHLtJ7dZ3N1aAwBWCIonP393Kwsvk&session_state=bcb91b56-6893-48fb-9a0a-ca8cb21041fc 2018-02-21 03:38:40,241 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(100)) - matcherName: null 2018-02-21 03:38:40,244 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(105)) - clientName: OidcClient 2018-02-21 03:38:40,241 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(100)) - matcherName: null 2018-02-21 03:38:40,244 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(105)) - clientName: OidcClient 2018-02-21 03:38:40,245 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(107)) - currentClients: [<OidcClient> | name: OidcClient |] 2018-02-21 03:38:40,245 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(110)) - useSession: true 2018-02-21 03:38:40,245 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session: pac4jUserProfile = null 2018-02-21 03:38:40,247 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(113)) - profile: null 2018-02-21 03:38:40,247 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(149)) - Starting authentication 2018-02-21 03:38:40,249 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:saveRequestedUrl(180)) - requestedUrl: https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4kmS_aKT5XrjzxRAtHznu5LnYpksFVTUu8MZUVSPlboBOS71p8M7sOfhmSpxdFcSqJeJM0x6hZyMKUUmIWNX1OdKWfRRK7n5nM7BUyzoUMrVsmK6laM-rrDgp35mwB01lWx3RWnxl9OJe69lif729FxcQK7-tQy49-fo5LTGfK7lot4D8xpwisXMCTEJX2Rn17tGtBsUU3ksdNGSRoMQHUI6DRCTMu2Lc14OSvrD0XMaFH1cbLNG-IOFmJZPDOoJF9MgsarwVyaGa7P5PReuf5-lNqXNhwGB7fJ6qpR4BrM4sWAD8DrGD84MMVs9wc5CfLr_By6WcRdkoKn5abGi9GZHjLOc2nfdUTQMEAVJxaQ4FzjPaP6mVHI09Ur2yyGzB_p5dhbY5ERFxHdoktQ2st2473ymDIZQcFXbe2FJ096beaity033Z9ua7JCZw3VbSVX0S26mK18x57aZr4eRc7VvCUeRxHMk2ohF6vgsQ9iLWYb75c5Ab6rWInIdY_edR8PGsV2ljJEKb99CpWqJhvH8k4k9YyjIxgPv_vwVwYjAD3uEYXzAhfH35EoIJifrLs2MB8zkX365tv7Wa71FDaf2fhnPsbHuR8jkT-Ha-t5tIhoEpmksUk66g7MnYILKhN1DSDQpObOaUEDr1mHkteGRJbrGhI2KQLDlqP55vux9P9e9E1p9QGyhohpxnAEO2u41y_NcB7EMiZbIxcjLRlo8ml3sE6j0P9k_n5rhJsTyfnSNZf_D2JMeyw2Z9UgAA&state=M_RUvnYkxz_rT7oHLtJ7dZ3N1aAwBWCIonP393Kwsvk&session_state=bcb91b56-6893-48fb-9a0a-ca8cb21041fc 2018-02-21 03:38:40,249 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: pac4jRequestedUrl = https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4kmS_aKT5XrjzxRAtHznu5LnYpksFVTUu8MZUVSPlboBOS71p8M7sOfhmSpxdFcSqJeJM0x6hZyMKUUmIWNX1OdKWfRRK7n5nM7BUyzoUMrVsmK6laM-rrDgp35mwB01lWx3RWnxl9OJe69lif729FxcQK7-tQy49-fo5LTGfK7lot4D8xpwisXMCTEJX2Rn17tGtBsUU3ksdNGSRoMQHUI6DRCTMu2Lc14OSvrD0XMaFH1cbLNG-IOFmJZPDOoJF9MgsarwVyaGa7P5PReuf5-lNqXNhwGB7fJ6qpR4BrM4sWAD8DrGD84MMVs9wc5CfLr_By6WcRdkoKn5abGi9GZHjLOc2nfdUTQMEAVJxaQ4FzjPaP6mVHI09Ur2yyGzB_p5dhbY5ERFxHdoktQ2st2473ymDIZQcFXbe2FJ096beaity033Z9ua7JCZw3VbSVX0S26mK18x57aZr4eRc7VvCUeRxHMk2ohF6vgsQ9iLWYb75c5Ab6rWInIdY_edR8PGsV2ljJEKb99CpWqJhvH8k4k9YyjIxgPv_vwVwYjAD3uEYXzAhfH35EoIJifrLs2MB8zkX365tv7Wa71FDaf2fhnPsbHuR8jkT-Ha-t5tIhoEpmksUk66g7MnYILKhN1DSDQpObOaUEDr1mHkteGRJbrGhI2KQLDlqP55vux9P9e9E1p9QGyhohpxnAEO2u41y_NcB7EMiZbIxcjLRlo8ml3sE6j0P9k_n5rhJsTyfnSNZf_D2JMeyw2Z9UgAA&state=M_RUvnYkxz_rT7oHLtJ7dZ3N1aAwBWCIonP393Kwsvk&session_state=bcb91b56-6893-48fb-9a0a-ca8cb21041fc 2018-02-21 03:38:40,256 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session: OidcClient$attemptedAuthentication = null 2018-02-21 03:38:40,256 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: oidcStateAttribute = ZvDWovsA9GQL1so5_OYMezXE9Z4Ndtq21InPMEo6ufA 2018-02-21 03:38:40,262 DEBUG client.OidcClient (OidcClient.java:retrieveRedirectAction(383)) - Authentication request url : https://login.microsoftonline.com/f82969ba-b995-4d80-8bfa-fd22c1d0557a/oauth2/authorize?response_type=code&client_id=385c2bca-5824-4993-a4bd-6c32695eaa34&redirect_uri=https%3A%2F%2Fx.x.2.3%3A8442%2Fgateway%2Fknoxsso%2Fapi%2Fv1%2Fwebsso%3Fpac4jCallback%3Dtrue%26client_name%3DOidcClient&scope=openid+profile+email&state=ZvDWovsA9GQL1so5_OYMezXE9Z4Ndtq21InPMEo6ufA 2018-02-21 03:38:41,677 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /api/v1/websso 2018-02-21 03:38:41,678 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(99)) - url: https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4kmS_aKT5XrjzxRAtHzr4CH62hEjrZfN1pSgHzp92vJxQW8r2Ixcdg1qMd09fklo4iQnIbAo5rFc7NnR2yRrUr56xvDauHj9VAQtXIaggbMx4YNVGGTDl2-4vS_dgfrlg3J0BF3v6USywYW2SXWeH2ov8o5Q2LdaFHQrRKBdkSOwX7fFk1YTddSjaDXuynjblKzV18YrcoRw3CAIrgMhMYg-nbqr2wjgN01eyqyF6onepLlrOxaL0UBs6_95ky2SzEctY1ae1XIKXkDvR5JeyUV4DAQrjHEKnGfwbY7NblDjCQ1pIsrSn8TTnjEbiMfGRH9cpneBXx_J1sJT8348qD_e4TB5TbWYUtZujlJeTSBzB-Ka_7IrQO7n98C3Ap-X9gIPPh98mUrFkrxIT59aQDO6b6h9xwuP0pATQcEzGm5ucTE4hYngVMWca9Zvsa24w7YefNYBx5UaUZA6WY_VAv6s2a00iP5e0qCIc3TilUa9btP38Y4owoftyjAhXTuGURLKpGRzeqtJa-fpa1TRiULIhReOCFjRJObQKwxo_OHpU8bnp4UKRfbURlWDJus8-rRFIttk8DGGc0r6JT34Bh8Wip84oPtrvD3UqdCGklyTei9p9so4UbENBSlsWNlX6KXPHClTFGmv5-QnHKGOxlgu1V0joXpf91KcPBrMWzpjf3J8KIyHha6JXIXR9KTln87l2JR5Hzh5-A-uKGWRbH9cH6Hwwmf-_ppbU1Q0Qe2zIJXkJBxlOx0e8Ac8PogAA&state=ZvDWovsA9GQL1so5_OYMezXE9Z4Ndtq21InPMEo6ufA&session_state=bcb91b56-6893-48fb-9a0a-ca8cb21041fc 2018-02-21 03:38:41,679 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(100)) - matcherName: null 2018-02-21 03:38:41,679 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(105)) - clientName: OidcClient 2018-02-21 03:38:43,083 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(100)) - matcherName: null 2018-02-21 03:38:43,084 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(105)) - clientName: OidcClient 2018-02-21 03:38:43,084 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(107)) - currentClients: [<OidcClient> | name: OidcClient |] 2018-02-21 03:38:43,084 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(110)) - useSession: true 2018-02-21 03:38:43,085 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session: pac4jUserProfile = null 2018-02-21 03:38:43,085 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(113)) - profile: null 2018-02-21 03:38:43,085 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(149)) - Starting authentication 2018-02-21 03:38:43,086 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:saveRequestedUrl(180)) - requestedUrl: https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4kmS_aKT5XrjzxRAtHzi1qKLj9Sa9zrbBVeR3i5ncBFiJ7aZF2W79yBmmOcu199WSO7pDefe626Y34T8OhAV5BJpL0NfKf9czn__cr_wRxjySmANACu5LlcToxzrZT_a41ND7QxfWx4Nw9oLaKie9elRy5X55jzk_hmC-9iMBGJKOPWDSwNAXu6J3cfBKLvLXB_5eydVIZifubdYS4pPaQktS_4TyMwcgQAVWL68D17zHTiZjHRK7cqmkCEwDHa4IlaK-KB-8xBFv5fdd9xz6rflVAcJYAIui3dalsxj_KmGcn2NbWfHcgpGvyjhxeRYfpVNU7ttYqHzJbIREcxblj1v8aCwRJYzz0GJ1FEIErklbnrQPcTOsZr6MqO_oQR04lxCv7s05JHN26K5EcDa2DkgdRuF6aL8ZXVWhydMXGQYxFYwAJNhdFjNrVxKw61UXaVvY5k5HRgiiMXwI0PxoPPENIAbba5D1QuvhbV1n3nM4y5Luvc_fnuJjxpX9UiBhf0oYjwtpf-VADItnP8yIvOH8zSlqUK-PxQvrZsyLb7BIpDgTA38WvhL0qDZXFSh33sf09lQdJZ9Y8gc5v6lSQvM-0Fs9Hm6eIzKEkhnDkf_QFOwYD5pYxMSy5IsQg9euqxOR_LjzPe_pdqkm5-hOQyOxYxumbbtTTMp6iNX32yO7bs576zhDQ58ocXgvyiyOcucpw2ZSXuE5OprI5cDqNzAwqxToRYftl7dC7Kgj3-ivQcoYC-lMcrLs2XF14gAA&state=aXUf653tcA2JHIVo37A8EGdRP2vi-i0bRA90OU4exPQ&session_state=bcb91b56-6893-48fb-9a0a-ca8cb21041fc 2018-02-21 03:38:43,086 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: pac4jRequestedUrl = https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4kmS_aKT5XrjzxRAtHzi1qKLj9Sa9zrbBVeR3i5ncBFiJ7aZF2W79yBmmOcu199WSO7pDefe626Y34T8OhAV5BJpL0NfKf9czn__cr_wRxjySmANACu5LlcToxzrZT_a41ND7QxfWx4Nw9oLaKie9elRy5X55jzk_hmC-9iMBGJKOPWDSwNAXu6J3cfBKLvLXB_5eydVIZifubdYS4pPaQktS_4TyMwcgQAVWL68D17zHTiZjHRK7cqmkCEwDHa4IlaK-KB-8xBFv5fdd9xz6rflVAcJYAIui3dalsxj_KmGcn2NbWfHcgpGvyjhxeRYfpVNU7ttYqHzJbIREcxblj1v8aCwRJYzz0GJ1FEIErklbnrQPcTOsZr6MqO_oQR04lxCv7s05JHN26K5EcDa2DkgdRuF6aL8ZXVWhydMXGQYxFYwAJNhdFjNrVxKw61UXaVvY5k5HRgiiMXwI0PxoPPENIAbba5D1QuvhbV1n3nM4y5Luvc_fnuJjxpX9UiBhf0oYjwtpf-VADItnP8yIvOH8zSlqUK-PxQvrZsyLb7BIpDgTA38WvhL0qDZXFSh33sf09lQdJZ9Y8gc5v6lSQvM-0Fs9Hm6eIzKEkhnDkf_QFOwYD5pYxMSy5IsQg9euqxOR_LjzPe_pdqkm5-hOQyOxYxumbbtTTMp6iNX32yO7bs576zhDQ58ocXgvyiyOcucpw2ZSXuE5OprI5cDqNzAwqxToRYftl7dC7Kgj3-ivQcoYC-lMcrLs2XF14gAA&state=aXUf653tcA2JHIVo37A8EGdRP2vi-i0bRA90OU4exPQ&session_state=bcb91b56-6893-48fb-9a0a-ca8cb21041fc 2018-02-21 03:38:43,092 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session: OidcClient$attemptedAuthentication = null 2018-02-21 03:38:43,093 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: oidcStateAttribute = Fz_UaVLHVG2igwxatJmoVFsahkQRBwWUWA5R8eNaYpQ 2018-02-21 03:38:43,097 DEBUG client.OidcClient (OidcClient.java:retrieveRedirectAction(383)) - Authentication request url : https://login.microsoftonline.com/f82969ba-b995-4d80-8bfa-fd22c1d0557a/oauth2/authorize?response_type=code&client_id=385c2bca-5824-4993-a4bd-6c32695eaa34&redirect_uri=https%3A%2F%2Fx.x.2.3%3A8442%2Fgateway%2Fknoxsso%2Fapi%2Fv1%2Fwebsso%3Fpac4jCallback%3Dtrue%26client_name%3DOidcClient&scope=openid+profile+email&state=Fz_UaVLHVG2igwxatJmoVFsahkQRBwWUWA5R8eNaYpQ 2018-02-21 03:38:44,622 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /api/v1/websso 2018-02-21 03:38:44,624 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(99)) - url: https://x.x.2.3:8442/gateway/knoxsso/api/v1/websso?code=AQABAAIAAABHh4kmS_aKT5XrjzxRAtHzIGuOliudWcQXMC987nSPAcZqhj_0UJwjPxfTBhfE1__Bpk2In82dF7Ppav0BEDI857A-hfsIBsoF5ITNepEEFEu_1Vu__cIgXTMtPFqxWXLaLRZ6sGXy-Ra82Es2KJHk_PVezdhnG7ov-FvixBCl8mWqQdKt_A6CxEWRVKgoo3SuM22dHN5Y-q37-oFb4FQHjMCfLJaif7taIHA6jhYGUJtBa7YpYXHKD9ngIyp-QZlyglHh_J-4VCwp7PKFKvKmgNinTzUaL3OaKHHiDBw1hSx-2ZtA5JcqSVboLhQ9XMMm6ChUfoMbq8EpDNvgF_XPWvt18UxPsjldy2Lgj_n6GvAKQ-L23AzCWkKXBMRduZ632VJd-TKL-ujkhOuYMKfCrMeWFGu4AuWmul7NYY223yxQp05Q2t8gyC4iMG-LhtN0WwYxwbVldAHsN4XTOyx0OiJzpv0XQ5_tTGlnG9TH5Hzm9hB7O8aQGnzLZx4m9iBHXSDwnFGlB0zEZibuhR0PgDVZ51JEJYplnemQ_hdgCwfl6J42GFDkhTg97iHo9nj01JqSkmoNH4SjUdhOoRd_XwTet7LYV2ylZxw4DgLVGR4sJz-AXJa7tAbyNKTD-mXGTp5JTkvMQeVGAnIQkxd_8ipEziscmz7HnvMjdJTXqU64zf7luq8lAJVAk1SMtgRi3r_bRX2BjSS-jNb-pAUBmkUFTojqe_jGR20WEpQMrNI4Hvz8qRQySarWjnl7rtogAA&state=Fz_UaVLHVG2igwxatJmoVFsahkQRBwWUWA5R8eNaYpQ&session_state=bcb91b56-6893-48fb-9a0a-ca8cb21041fc 2018-02-21 03:38:44,624 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(100)) - matcherName: null 2018-02-21 03:38:44,625 DEBUG filter.RequiresAuthenticationFilter (RequiresAuthenticationFilter.java:internalFilter(105)) - clientName: OidcClient