Zeppelin not loading the index page after redirection from IDP


Jaideep Singh
Hello,

I am not able to load the Zeppelin page after redirection from the IDP. The page loads with error 500.
I am using SAML-based authentication for securing the Zeppelin home page URL.
Please find the shiro.ini file as follows:
[main]
############################################################################
# PROVIDERS :
############################################################################
subjectFactory = io.buji.pac4j.ClientSubjectFactory
securityManager.subjectFactory = $subjectFactory

facebookClient = org.pac4j.oauth.client.FacebookClient
facebookClient.key = 145278422258960
facebookClient.secret = be21409ba8f39b5dae2a7de525484da8

twitterClient = org.pac4j.oauth.client.TwitterClient
twitterClient.key = CoxUiYwQOSFDReZYdjigBA
twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs

simpleAuthenticator = org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator

formClient = org.pac4j.http.client.indirect.FormClient
formClient.authenticator = $simpleAuthenticator

basicAuthClient = org.pac4j.http.client.indirect.IndirectBasicAuthClient
basicAuthClient.authenticator = $simpleAuthenticator

casClient = org.pac4j.cas.client.CasClient
casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
#casClient.gateway=true

vkClient = org.pac4j.oauth.client.VkClient
vkClient.key = 4224582
vkClient.secret = nDc4IHTqu8ioFMkHKifq

saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
saml2Config.keystorePath = samlKeystore.jks
saml2Config.keystorePassword = pac4j-demo-passwd
saml2Config.privateKeyPassword = pac4j-demo-passwd
saml2Config.identityProviderMetadataPath = metadata-okta.xml
saml2Config.maximumAuthenticationLifetime = 3600
saml2Config.serviceProviderEntityId = zeppelin
saml2Config.serviceProviderMetadataPath = sp-metadata.xml

saml2Client = org.pac4j.saml.client.SAML2Client
saml2Client.configuration = $saml2Config

clients = org.pac4j.core.client.Clients
clients.clients = $facebookClient,$twitterClient,$formClient,$basicAuthClient,$casClient,$vkClient,$saml2Client

############################################################################
# REALM & FILTERS :
############################################################################



clientsRealm = io.buji.pac4j.ClientRealm
#clientsRealm = org.apache.zeppelin.realm.PamRealm
clientsRealm.defaultRoles = ROLE_USER
clientsRealm.clients = $clients

clientsFilter = io.buji.pac4j.ClientFilter
clientsFilter.clients = $clients
clientsFilter.failureUrl = /error500.jsp

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager 
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager 
securityManager.cacheManager = $cacheManager 

securityManager.sessionManager = $sessionManager 
securityManager.sessionManager.globalSessionTimeout = 86400000



facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
facebookRoles.client = $facebookClient
twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
twitterRoles.client = $twitterClient
formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
formRoles.client = $formClient
basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
basicAuthRoles.client = $basicAuthClient
casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
casRoles.client = $casClient
vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
vkRoles.client = $vkClient
saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
saml2Roles.client = $saml2Client

[roles]
admin = *


[urls]
/facebook/** = facebookRoles[ROLE_USER]
/twitter/** = twitterRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/basicauth/** = basicAuthRoles[ROLE_USER]
/cas/** = casRoles[ROLE_USER]
/vk/** = vkRoles[ROLE_USER]
/saml/** = saml2Roles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = saml2Roles[ROLE_USER]
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]


I am attaching a video file of the error.

Thanks,
Jaideep Singh

zeppelinError.webm (5M) Download Attachment
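
Shiro checks a request path against the `[urls]` patterns in file order and applies the first one that matches, and in the shiro.ini posted above the `/** = saml2Roles[ROLE_USER]` line comes before the `/api/...` lines. The following Python sketch is an added example, not part of the original post and not Zeppelin or Shiro code; it parses a `[urls]` section and lists entries that an earlier pattern already covers. The function names are hypothetical, and the coverage test is deliberately conservative: it only recognises exact duplicates and earlier patterns of the form `<literal prefix>/**`.

```python
"""Find [urls] entries in a shiro.ini that an earlier pattern already covers.

Shiro checks a request path against the [urls] patterns in file order and
uses the first one that matches, so a broad pattern hides the lines below it.
"""

# The [roles] and [urls] sections as posted in the message above.
SAMPLE_INI = """\
[roles]
admin = *

[urls]
/facebook/** = facebookRoles[ROLE_USER]
/twitter/** = twitterRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/basicauth/** = basicAuthRoles[ROLE_USER]
/cas/** = casRoles[ROLE_USER]
/vk/** = vkRoles[ROLE_USER]
/saml/** = saml2Roles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = saml2Roles[ROLE_USER]
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
"""

WILDCARDS = set("*?")


def parse_urls_section(ini_text):
    """Return [(line_no, pattern, filter_chain)] for [urls], in file order."""
    rules, in_urls = [], False
    for line_no, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_urls = line.lower() == "[urls]"
            continue
        if in_urls and "=" in line:
            pattern, chain = line.split("=", 1)
            rules.append((line_no, pattern.strip(), chain.strip()))
    return rules


def covers(earlier, later):
    """True if every path matched by `later` is also matched by `earlier`.

    Conservative (assumption of this example): only exact duplicates and
    earlier patterns shaped like '<literal prefix>/**' are recognised.
    Anything else returns False, meaning "no claim", not "reachable".
    """
    if earlier == later:
        return True
    if not earlier.endswith("/**"):
        return False
    prefix = earlier[:-3]              # "/**" -> "", "/api/**" -> "/api"
    if WILDCARDS & set(prefix):
        return False
    return later.startswith(prefix + "/")


def find_shadowed(rules):
    """Return [(shadowed_rule, first_rule_that_covers_it)]."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier[1], later[1]):
                findings.append((later, earlier))
                break
    return findings


def report(ini_text):
    """Human-readable findings, one string per shadowed entry."""
    out = []
    for later, earlier in find_shadowed(parse_urls_section(ini_text)):
        out.append(
            f"line {later[0]}: '{later[1]} = {later[2]}' is never reached; "
            f"line {earlier[0]}: '{earlier[1]} = {earlier[2]}' matches first"
        )
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_INI)) or "no shadowed entries found")
```

On the posted section this lists the four `/api/...` lines as covered by `/** = saml2Roles[ROLE_USER]`, so the `anon` and `roles[admin]` chains on those lines are never applied; with the catch-all moved to the last line nothing is reported.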
Re: Zeppelin not loading the index page after redirection from IDP

Jaideep Singh

On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh <[hidden email]> wrote:

Re: Zeppelin not loading the index page after redirection from IDP

Jaideep Singh
Also attaching the screenshot for the 2 JSession ids which I got after redirection.

On Wed, May 3, 2017 at 5:18 PM, Jaideep Singh <[hidden email]> wrote:
Hello,

I have used SAML-based SSO authentication on the Zeppelin URL, which is on localhost:8080. I am able to load the Zeppelin page successfully if I disable the shiro.ini file. I have used SSO authentication with WSO2, configured in shiro.ini with metadata for the IDP and SP provided there.
But after redirection from the IDP to the Zeppelin / URL I am not able to load the page.

Following are the assumptions for the problem occurrence:
*  Problem may be due to the websocket calls which are not initiating after redirection, but I can see it works if no authentication is applied.
*  I am getting JSessionid after redirection from IDP. Is Zeppelin server also providing JSessionid which may cause conflicts?

Please help me to identify the problem.

I am attaching the log file and shiro.ini.

I have checked the log file; the error I am getting is:


17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler - chain=org.apache.zeppelin.server.CorsFilter-5ae50ce6->ShiroFilter->org.eclipse.jetty.servlet.DefaultServlet-69b2283a@5b910f06==org.eclipse.jetty.servlet.DefaultServlet,-1,true
17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler - call filter org.apache.zeppelin.server.CorsFilter-5ae50ce6
17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler - call filter ShiroFilter
17:01:05.403 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.mgt.DefaultSecurityManager - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]
at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.apache.zeppelin.server.CorsFilter.doFilter(CorsFilter.java:72) [classes/:na]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) [jetty-security-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.Server.handle(Server.java:499) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) [jetty-io-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.s.s.mgt.DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=1ba59f91-fe61-4153-b45d-4d1b4f813a05; Path=/; HttpOnly]
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.p.s.context.SAML2ContextProvider - Creating message storage by org.pac4j.saml.storage.EmptyStorageFactory
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.r.i.AbstractMetadataResolver - Metadata backing store does not contain any EntityDescriptors with the ID: zeppelin
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.support.SAML2MetadataSupport - Selecting default IndexedEndpoint


Thanks and Regards,
Jaideep Singh


On Tue, May 2, 2017 at 5:24 PM, Paul Brenner <[hidden email]> wrote:
That is an impressively complex shiro.ini!

500 sounds like something isn't loading correctly. Have you looked at the logs in /var/log/zeppelin?

Paul Brenner
DATA SCIENTIST
(217) 390-3033

PlaceIQ:Location Data Accuracy


On Tue, May 02, 2017 at 1:51 AM Jaideep Singh <[hidden email]> wrote:

c1.JPG (61K) Download Attachment
c2.JPG (73K) Download Attachment
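
The debug log in the message above records three related items: the request URI carries the session id as a `;JSESSIONID=` path parameter, Shiro's failed lookup used that id with `/api/security/ticket` still attached, and a `JSESSIONID` cookie with a different id was then added to the response. The Python sketch below is an added example, not from the thread and not Zeppelin or Shiro code; it pulls those three items out of such a log and correlates them. The function and finding names are hypothetical, and the sample lines are copied from the post with the stack frames omitted.

```python
"""Correlate session ids in a Shiro/Jetty debug log.

Extracts (1) session ids carried as a ;JSESSIONID= URL path parameter,
(2) ids Shiro failed to look up, and (3) JSESSIONID cookies it then issued.
"""
import re

# Lines copied from the log in the message above; stack frames omitted and
# the thread tag "[qtp... - <request URI>]" kept as logged.
TAG = ("[qtp1663619914-60 - /;JSESSIONID="
       "804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]")
SAMPLE_LOG = "\n".join([
    f"17:01:05.402 {TAG} DEBUG o.e.jetty.servlet.ServletHandler"
    " - call filter ShiroFilter",
    f"17:01:05.403 {TAG} DEBUG o.a.shiro.mgt.DefaultSecurityManager"
    " - Resolved SubjectContext context session is invalid.  Ignoring and"
    " creating an anonymous (session-less) Subject instance.",
    "org.apache.shiro.session.UnknownSessionException: There is no session"
    " with id [804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]",
    f"17:01:05.404 {TAG} DEBUG o.a.shiro.web.servlet.SimpleCookie"
    " - Added HttpServletResponse Cookie"
    " [JSESSIONID=1ba59f91-fe61-4153-b45d-4d1b4f813a05; Path=/; HttpOnly]",
])

UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Session id as a URL path parameter, plus whatever URI text follows it.
URL_PARAM = re.compile(r";JSESSIONID=(" + UUID + r")([^\]\s;?#]*)",
                       re.IGNORECASE)
FAILED_LOOKUP = re.compile(
    r"UnknownSessionException: There is no session with id \[([^\]]*)\]")
SET_COOKIE = re.compile(
    r"Added HttpServletResponse Cookie \[JSESSIONID=([^;\]]+)")


def analyze(log_text):
    """Return a list of (kind, session_id, detail) findings, in a fixed order.

    kind is one of:
      url-session-id        id travelled in the URL; detail = trailing URI text
      lookup-includes-path  failed lookup used URL id + detail as the id
      unknown-session       failed lookup for an id not seen in any URL
      new-session-issued    cookie set with an id that was not in any URL
    """
    url_ids = {}            # session id -> URI text that followed it
    failed, issued = [], []
    for line in log_text.splitlines():
        for sid, rest in URL_PARAM.findall(line):
            url_ids.setdefault(sid, rest)
        failed += FAILED_LOOKUP.findall(line)
        issued += SET_COOKIE.findall(line)

    findings = [("url-session-id", sid, rest) for sid, rest in url_ids.items()]
    for looked_up in failed:
        owner = next((s for s in url_ids if looked_up.startswith(s)), None)
        if owner and looked_up != owner:
            findings.append(
                ("lookup-includes-path", owner, looked_up[len(owner):]))
        else:
            findings.append(("unknown-session", looked_up, ""))
    for sid in issued:
        if sid not in url_ids:
            findings.append(("new-session-issued", sid, ""))
    return findings


if __name__ == "__main__":
    for kind, sid, detail in analyze(SAMPLE_LOG):
        print(f"{kind:22} {sid} {detail}")
```

Session ids that appear in request URIs also end up in server logs, as they do here, so log files holding them deserve the same handling as the sessions themselves.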
Re: Zeppelin not loading the index page after redirection from IDP

Paul Brenner
Unfortunately I haven't seen a ton of Shiro expertise on this list. Maybe someone will know the answer to your problem but my guess is that you are going to have to troubleshoot this by stripping out all that fancy complexity until you get a basic shiro.ini that works and then methodically add pieces back in until you see what is breaking. Once you know what is going on we would all appreciate your help adding to the documentation for using shiro with zeppelin. 

Paul Brenner
DATA SCIENTIST
(217) 390-3033

PlaceIQ:Location Data Accuracy


On Wed, May 03, 2017 at 8:36 AM Jaideep Singh wrote:
casRoles.client = $casClient
vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
vkRoles.client = $vkClient
saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
saml2Roles.client = $saml2Client

[roles]
admin = *


[urls]
/facebook/** = facebookRoles[ROLE_USER]
/twitter/** = twitterRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/basicauth/** = basicAuthRoles[ROLE_USER]
/cas/** = casRoles[ROLE_USER]
/vk/** = vkRoles[ROLE_USER]
/saml/** = saml2Roles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = saml2Roles[ROLE_USER]
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]


I am attaching a video file of the error.

Thanks,
Jaideep Singh






Re: Zeppelin not loading the index page after redirection from IDP

Jaideep Singh
Hello Paul,

Thanks for your support. I am able to prototype it; my Shiro was not updated, and it was resolved after updating to the latest version.

Thanks,
Jaideep Singh

On Wednesday, May 3, 2017, Paul Brenner <[hidden email]> wrote:
Unfortunately I haven't seen a ton of Shiro expertise on this list. Maybe someone will know the answer to your problem but my guess is that you are going to have to troubleshoot this by stripping out all that fancy complexity until you get a basic shiro.ini that works and then methodically add pieces back in until you see what is breaking. Once you know what is going on we would all appreciate your help adding to the documentation for using shiro with zeppelin. 

Paul Brenner
DATA SCIENTIST
(217) 390-3033

PlaceIQ:Location Data Accuracy


On Wed, May 03, 2017 at 8:36 AM Jaideep Singh wrote:
Also attaching the screenshot of the 2 JSESSIONIDs which I got after redirection.

On Wed, May 3, 2017 at 5:18 PM, Jaideep Singh <jaideep333@...> wrote:
Hello,

I have used SAML-based SSO authentication on the Zeppelin URL, which is on localhost:8080. I am able to load the Zeppelin page successfully if I disable the shiro.ini file. I have used SSO authentication with WSO2, configured in shiro.ini with the metadata for the IdP and SP provided there.
But after redirection from the IdP to the Zeppelin / URL I am not able to load the page.

Following are my assumptions about the cause of the problem:
*  The problem may be due to the websocket calls, which are not initiated after redirection, but I can see it works if no authentication is applied.
*  I am getting a JSESSIONID after redirection from the IdP. Is the Zeppelin server also providing a JSESSIONID, which may cause conflicts?

Please help me to identify the problem.

I am attaching the log file and shiro.ini.

I have checked the log file; the error I am getting is:


17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler - chain=org.apache.zeppelin.server.CorsFilter-5ae50ce6->ShiroFilter->org.eclipse.jetty.servlet.DefaultServlet-69b2283a@5b910f06==org.eclipse.jetty.servlet.DefaultServlet,-1,true
17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler - call filter org.apache.zeppelin.server.CorsFilter-5ae50ce6
17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler - call filter ShiroFilter
17:01:05.403 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.mgt.DefaultSecurityManager - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]
at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) ~[shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) [shiro-core-1.2.3.jar:1.2.3]
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) [shiro-web-1.2.3.jar:1.2.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.apache.zeppelin.server.CorsFilter.doFilter(CorsFilter.java:72) [classes/:na]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) [jetty-security-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.Server.handle(Server.java:499) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) [jetty-io-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.s.s.mgt.DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=1ba59f91-fe61-4153-b45d-4d1b4f813a05; Path=/; HttpOnly]
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.p.s.context.SAML2ContextProvider - Creating message storage by org.pac4j.saml.storage.EmptyStorageFactory
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.r.i.AbstractMetadataResolver - Metadata backing store does not contain any EntityDescriptors with the ID: zeppelin
17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.support.SAML2MetadataSupport - Selecting default IndexedEndpoint


Thanks and Regards,
Jaideep Singh



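A point about the posted shiro.ini that is separate from the 500 error in this thread: Shiro evaluates `[urls]` entries in the order they are listed and the first matching pattern wins, so the entries placed after `/** = saml2Roles[ROLE_USER]` (including the `roles[admin]` restrictions) are never reached. The check below is an added example, not code from the thread, Zeppelin or Shiro; the function names and the probe-path heuristic are assumptions made for illustration.

```python
import re

# Constructed sample: the [urls] section as posted in this thread.
SHIRO_INI = """\
[urls]
/facebook/** = facebookRoles[ROLE_USER]
/twitter/** = twitterRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/basicauth/** = basicAuthRoles[ROLE_USER]
/cas/** = casRoles[ROLE_USER]
/vk/** = vkRoles[ROLE_USER]
/saml/** = saml2Roles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = saml2Roles[ROLE_USER]
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
"""

def parse_urls(ini_text):
    """Return [(pattern, filter_chain)] from the [urls] section, in file order."""
    rules, in_urls = [], False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_urls = line == "[urls]"
        elif in_urls and "=" in line and not line.startswith("#"):
            pattern, chain = line.split("=", 1)
            rules.append((pattern.strip(), chain.strip()))
    return rules

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern (?, *, **) into a compiled regex."""
    out = ""
    for seg in pattern.strip("/").split("/"):
        if seg == "**":
            out += "(?:/[^/]*)*"          # zero or more whole path segments
        else:
            out += "/" + "".join(
                "[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c)
                for c in seg)
    return re.compile("^" + out + "/?$")

def find_shadowed(rules):
    """Report rules whose probe path is already claimed by an earlier rule."""
    findings = []
    for j, (pattern, chain) in enumerate(rules):
        # Probe: one concrete path the rule itself would match (a heuristic).
        probe = pattern.replace("**", "a/b").replace("*", "a").replace("?", "a")
        for earlier, _ in rules[:j]:
            if ant_to_regex(earlier).match(probe):
                findings.append((pattern, chain, earlier))
                break
    return findings

if __name__ == "__main__":
    for pattern, chain, earlier in find_shadowed(parse_urls(SHIRO_INI)):
        print(f"unreachable: {pattern} = {chain}  (shadowed by {earlier})")
```

On the posted configuration this reports the four `/api/...` entries as shadowed by `/**`; listing the catch-all last makes the report empty.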