I changed line: <dispatch classname="org.apache.knox.gateway.dispatch.PassAllHeadersDispatch"/> in service.xml to: <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch"/>
and name of authentication provider I changed from anonymous to ShiroProvider. Nothing happened. Access is open as it was. Tom On Thu, 20 Dec 2018 at 14:39, larry mccay <lmc...@apache.org> wrote: > If you followed the proxying article and your service definition is > indicating the anonymous authentication provider then that is the issue. > That overrides any provider configured in the topology. > > > On Thu, Dec 20, 2018, 8:27 AM Kevin Risden <kris...@apache.org wrote: > >> If your service.xml has >> >> <dispatch >> classname="org.apache.knox.gateway.dispatch.PassAllHeadersDispatch"/> >> >> Then all the headers including the AUTHORIZATION header are passed >> through to the backend. This would mean that your backend is >> responsible for authentication. >> >> If you want Knox to do authentication, either remove the dispatch line >> or change it to: >> >> <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch"/> >> >> This will then pass through Kerberized credentials to your backend. If >> you are looking to do SSO with Knox then proxying isn't required. >> >> Kevin Risden >> On Thu, Dec 20, 2018 at 8:22 AM Tomislav Novosel <to.novo...@gmail.com> >> wrote: >> > >> > Hi Knox team, >> > >> > I'm trying to configure LDAP authentication on Knox. I followed this >> link to setup simple web application for testing access. It's a simple >> HelloWorld. >> > >> > >> https://cwiki.apache.org/confluence/display/KNOX/Proxying+a+UI+using+Knox >> > >> > After setup, I've succeeded to access app through Knox gateway. >> > >> > I want to restrict access on that webapp URL with some username and >> password to type, so I tried to configure LDAP using this link: >> > >> > >> https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Knox_Gateway_Admin_Guide/content/setting_up_ldap_authentication.html >> > >> > After that, access was still the same, without user/pass prompt. IDK if >> that is even posible with Knox. >> > In logs I see that access is granted, response code 200. >> > >> > How can I achieve user/pass prompt when accessing webapp URL through >> Knox gateway? >> > >> > Thank you. >> > BR, >> > Tom >> >
