Hi all, I'm using Ambari 2.7 and Knox 1.1. For the websocket connection (stomp) I see Knox establish everything correctly with the browser (101) but then fail to establish a corresponding connection with Ambari. It looks like it is not adding the necessary authentication header.
GET /api/stomp/v1/websocket HTTP/1.1 Host: knox-update-18642-hadoop-edge:8080 Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: TRtEre7kaIjOTsa2X141Cw== Sec-WebSocket-Version: 13 Pragma: no-cache Cache-Control: no-cache Cookie: io=BI4GrKnjHdccXkqCAAAI Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Origin: https://knox.service.dc1.pnda.local:8443 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 HTTP/1.1 403 Missing authentication token Date: Tue, 31 Jul 2018 19:20:48 GMT X-Frame-Options: DENY X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Pragma: no-cache X-Content-Type-Options: nosniff Content-Type: text/plain;charset=iso-8859-1 Content-Length: 64 { "status": 403, "message": "Missing authentication token" } My topology is pretty simple for Ambari. <topology> <gateway> <provider> <role>authentication</role> <name>Anonymous</name> <enabled>true</enabled> </provider> <provider> <role>identity-assertion</role> <name>Default</name> <enabled>false</enabled> </provider> </gateway> <service> <role>AMBARI</role> <url>http://knox-update-18642-hadoop-edge:8080</url> </service> <service> <role>AMBARIUI</role> <url>http://knox-update-18642-hadoop-edge:8080</url> </service> <service> <role>AMBARIWS</role> <url>ws://knox-update-18642-hadoop-edge:8080</url> </service> </topology> Did I miss something? Cheers, /ailuropod4
