I'm not 100% sure how the Zeppelin integration works, but assuming it is just a filter, you should be able to change it. Take a look at how the basic auth filter works: https://github.com/apache/shiro/blob/master/samples/jaxrs/src/main/resources/shiro.ini#L29 (it pulls the credentials from a header).
The tricky part might be what to do on an auth failure. Do you just respond with a 401/403, or to you redirect back to some "login page" that NGINX manages? (the `authBasic` filter will just respond with status codes by default). If that isn't what you want you would need to take a look at how the `FormAuthenticationFilter` handles this, (but status codes might be enough if you are just routing through NGINX) Keep us posted! On Sun, Oct 21, 2018 at 9:47 AM gaderrick <[email protected]> wrote: > Hello- > > I'm trying to configure Zeppelin (installed on HDP 3.0.1) to authenticate > to > our Active Directory using CAC/PIV cards. We're using NGINX to > capture/forward the header info (which holds) the info on the CAC card to > authenticate the user, but when I click on the "Login" button on the > Zeppelin home page, it "pops up" the default Zeppelin login window > (expecting an email/user and password). > > Does anyone know why this is happening, and more importantly how to fix it? > My hunch is that the line in the shiro init section needs to change from > "/app/login", but I haven't found another option for CAC cards. > > Thanks in advance. > > Jerry > > > > -- > Sent from: http://shiro-developer.582600.n2.nabble.com/ >
