falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Balu Vellanki <bvella...@hortonworks.com>
Subject Re: UI throws authentication error
Date Wed, 13 May 2015 14:58:17 GMT
Hi Mahak

In a setup that I have, the one difference between your configs and mine
is this.

*.falcon.http.authentication.type=simple


We use simple because the UI is currently read-only.  If you want to set
this to kerberos, you will have to configure your browser. An example doc
for firefox is at 
http://www.microhowto.info/howto/configure_firefox_to_authenticate_using_sp
nego_and_kerberos.html

Thanks
Balu Vellanki 


On 5/13/15, 7:48 AM, "Mahak Mukhi" <mmukhi@yahoo-inc.com.INVALID> wrote:

>I read through the article but I'm not sure if it's the
>startup.properties that is causing this issue. I think its because the
>server is configured to authenticate using kerberos and the browser is
>unable to provide a valid keytab. If that is the case, how do I configure
>the browser to do that. If that is not the case, what might be the issue
>here? Following is a snippet from my startup.properties file.
>##### SPNEGO Configuration
>
># Authentication type must be specified: simple|kerberos|<class>
># org.apache.falcon.security.RemoteUserInHeaderBasedAuthenticationHandler
>can be used for backwards compatibility
>#*.falcon.http.authentication.type=simple
>*.falcon.http.authentication.type=kerberos
>
># Indicates how long (in seconds) an authentication token is valid before
>it has to be renewed.
>*.falcon.http.authentication.token.validity=36000
>
># The signature secret for signing the authentication tokens.
>*.falcon.http.authentication.signature.secret=falcon
>
># The domain to use for the HTTP cookie that stores the authentication
>token.
>*.falcon.http.authentication.cookie.domain=
>
># Indicates if anonymous requests are allowed when using 'simple'
>authentication.
>*.falcon.http.authentication.simple.anonymous.allowed=true
>
># Indicates the Kerberos principal to be used for HTTP endpoint.
># The principal MUST start with 'HTTP/' as per Kerberos HTTP SPNEGO
>specification.
>#*.falcon.http.authentication.kerberos.principal=
>*.falcon.http.authentication.kerberos.principal=HTTP/<principal_name>@DEV.
>YGRID.YAHOO.COM
>
># Location of the keytab file with the credentials for the HTTP principal.
>#*.falcon.http.authentication.kerberos.keytab=
>*.falcon.http.authentication.kerberos.keytab=/homes/mmukhi/keytab_file.key
>tab
>
>
> Regards,
>Mahak Mukhi
> 
>
>
>     On Tuesday, May 12, 2015 1:31 AM, Balu Vellanki
><bvellanki@hortonworks.com> wrote:
>   
>
> Hi 
>
>One the user provides user.name through the prompt, it is stored in
>localStorage object. The issue is most probably with authentication
>settings in startup.properties.
>
>Please look at http://falcon.apache.org/Security.html and make sure the
>properties have correct values,
>
>Thanks
>Balu
>
>On 5/11/15, 9:21 PM, "Pallavi Rao" <pallavi.rao@inmobi.com> wrote:
>
>>Mahak,
>>I have noticed that UI requires user.name to be passed as query param,
>>without which it throws that error. Try with
>>https://localhost:15443/?user.name=<user name>
>>
>>The user is not really authenticated.
>>
>>If this doesn't work, then, pass on the config files and logs (as Ying
>>has
>>requested), so, we can debug further.
>>
>>Thanks,
>>Pallavi
>>
>>On Tue, May 12, 2015 at 5:17 AM, Ying Zheng <yzheng@hortonworks.com>
>>wrote:
>>
>>> Hi Mahak,
>>>
>>> Could you share your configuration file 'startup.properties'? Could you
>>> provide your falcon.application.log under logs folder?
>>>
>>> It is very likely that your startup.property is not set up correctly.
>>>Here
>>> is a guideline:
>>> http://falcon.apache.org/Security.html
>>>
>>>
>>> Thanks,
>>> Ying
>>>
>>>
>>> On 5/11/15, 4:05 PM, "Mahak Mukhi" <mmukhi@yahoo-inc.com.INVALID>
>>>wrote:
>>>
>>> >Hi,
>>> >Whenever I try and access the UI to my falcon
>>> >server(https://<servername>:15443/) it  prompts to ask for a user.name
>>> >which follows with the following exception Failed to load data. Error:
>>> >401 Authentication required.
>>> >What might be causing this?
>>> > Regards,
>>> >Mahak Mukhi
>>>
>>>
>>
>>-- 
>>_____________________________________________________________
>>The information contained in this communication is intended solely for
>>the 
>>use of the individual or entity to whom it is addressed and others
>>authorized to receive it. It may contain confidential or legally
>>privileged 
>>information. If you are not the intended recipient you are hereby
>>notified 
>>that any disclosure, copying, distribution or taking any action in
>>reliance 
>>on the contents of this information is strictly prohibited and may be
>>unlawful. If you have received this communication in error, please notify
>>us immediately by responding to this email and then delete it from your
>>system. The firm is neither liable for the proper and complete
>>transmission 
>>of the information contained in this communication nor for any delay in
>>its 
>>receipt.
>
>
>  


Mime
View raw message