[ https://issues.apache.org/jira/browse/ATLAS-2166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nixon Rodrigues reassigned ATLAS-2166:
--------------------------------------

    Assignee: Nixon Rodrigues

> On refreshing Atlas page logged in via Knox proxy, which has ATLASSESSION ID 
> expired (idle for a long time), logs in as knox user.
> -----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-2166
>                 URL: https://issues.apache.org/jira/browse/ATLAS-2166
>             Project: Atlas
>          Issue Type: Bug
>          Components: atlas-intg
>    Affects Versions: 1.0.0, 0.8.2
>            Reporter: Sharmadha Sainath
>            Assignee: Nixon Rodrigues
>         Attachments: ATLAS-2166.patch, Atlas_knox_proxy_1.mov
>
>
> 1. Added the following topology ui.xml in knox topologies:
> {code}
> <topology>
>     <gateway>
>         <provider>
>             <role>authentication</role>
>             <name>Anonymous</name>
>             <enabled>true</enabled>
>         </provider>
>         <provider>
>             <role>identity-assertion</role>
>             <name>Default</name>
>             <enabled>false</enabled>
>         </provider>
>     </gateway>
>     <service>
>         <role>ATLAS</role>
>         <url>http://atlashost:21000</url>
>     </service>
>     <service>
>         <role>ATLAS-API</role>
>         <url>http://atlashost:21000</url>
>     </service>
> </topology>
> {code}
> 2. Accessed Atlas UI via knox proxy:
> {code}
> https://knoxhost:8443/gateway/ui/atlas/
> {code}
> with user admin.
> 3. Left the page idle for a long time (approx 60 mins). When refreshed, 
> expected that it would land in login.jsp and ask for username and password. 
> Instead, it logged in as knox user. 
> Following logs from application logs :
> {code}
> 2017-09-22 07:17:23,267 INFO  - [Thread-6:] ~ TGT valid starting at:        
> Fri Sep 22 07:17:23 UTC 2017 (Login:302)
> 2017-09-22 07:17:23,268 INFO  - [Thread-6:] ~ TGT expires:                  
> Sat Sep 23 07:17:23 UTC 2017 (Login:303)
> 2017-09-22 07:17:23,268 INFO  - [Thread-6:] ~ TGT refresh sleeping until: Sat 
> Sep 23 03:38:59 UTC 2017 (Login:181)
> 2017-09-22 08:28:23,731 INFO  - [pool-2-thread-9:] ~ Logged into Atlas as = 
> knox (AtlasAuthenticationFilter:291)
> 2017-09-22 08:28:23,732 INFO  - 
> [pool-2-thread-9:knox:POST/api/atlas/v2/search/basic] ~ Request from 
> authenticated user: knox, URL=/api/atlas/v2/search/basic 
> (AtlasAuthenticationFilter:305)
> 2017-09-22 08:28:26,685 INFO  - 
> [org.apache.ranger.audit.queue.AuditBatchQueue1:] ~ Audit Status Log: 
> name=atlas.async.multi_dest.batch.solr, interval=01:40:30.245 hours, 
> events=1, succcessCount=1, totalEvents=363, totalSuccessCount=363 
> (BaseAuditHandler:310)
> 2017-09-22 08:28:26,706 INFO  - 
> [org.apache.ranger.audit.queue.AuditBatchQueue0:] ~ Audit Status Log: 
> name=atlas.async.multi_dest.batch.hdfs, interval=01:40:30.247 hours, 
> events=1, succcessCount=1, totalEvents=363, totalSuccessCount=363 
> (BaseAuditHandler:310)
> {code}
> Note: Accessed Atlas UI at 08:28:23,731 after 07:17:23,268
> No suspicious logs from knox gateway.log.
> 4. Tried to reproduce the issue by deleting the ATLASSESSIONID and refreshed 
> the page. This time it landed in login.jsp correctly.
> Not sure what other cases can reproduce this issue.
> Attached the video recording of the scenario explained.
> Note: Ranger Atlas plugin is enabled. Not sure where Atlas fetches the knox 
> user from. Atlas' users-credentials.properties has only admin and 
> rangertagsync users.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
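
A log check for the symptom described in the report above, as an added example that is not part of the original issue or of Atlas: it rejoins wrapped log records and flags AtlasAuthenticationFilter entries whose user is not one of the expected accounts. The expected set (admin and rangertagsync, taken from the reporter's note), the function names and the sample log, including the admin line, are assumptions constructed for illustration.

```python
import re

# Assumption: the only identities expected to sign in are the two the
# report says are present in users-credentials.properties.
EXPECTED_USERS = {"admin", "rangertagsync"}

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}"
LOGIN_RE = re.compile(
    rf"^({TS}) .*~ Logged into Atlas as = (\S+) \(AtlasAuthenticationFilter:\d+\)")
REQUEST_RE = re.compile(
    rf"^({TS}) .*~ Request from authenticated user: ([^,\s]+), URL=(\S+)")

# Constructed sample in the log format quoted in the report, including the
# mail-style line wrapping; the admin line is invented for contrast.
SAMPLE_LOG = """\
2017-09-22 07:10:02,114 INFO  - [pool-2-thread-4:] ~ Logged into Atlas as =
admin (AtlasAuthenticationFilter:291)
2017-09-22 08:28:23,731 INFO  - [pool-2-thread-9:] ~ Logged into Atlas as =
knox (AtlasAuthenticationFilter:291)
2017-09-22 08:28:23,732 INFO  -
[pool-2-thread-9:knox:POST/api/atlas/v2/search/basic] ~ Request from
authenticated user: knox, URL=/api/atlas/v2/search/basic
(AtlasAuthenticationFilter:305)
"""

def unwrap(text):
    """Rejoin wrapped records: a new record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(TS, line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def unexpected_identities(text, expected=EXPECTED_USERS):
    """Return (timestamp, kind, user, url) for users outside `expected`."""
    findings = []
    for rec in unwrap(text):
        login = LOGIN_RE.match(rec)
        request = REQUEST_RE.match(rec)
        if login and login.group(2) not in expected:
            findings.append((login.group(1), "login", login.group(2), None))
        elif request and request.group(2) not in expected:
            findings.append((request.group(1), "request", request.group(2), request.group(3)))
    return findings
```

Calling `unexpected_identities(SAMPLE_LOG)` returns the knox login and the knox API request; the admin login is not reported.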
