KNOX and Keycloak for OpenID

Mon, 02 Oct 2017 11:24:27 -0700 

Hello to all,

I'm relatively new to the whole Hadoop/KNOX ecosystem but I'm appointed
with relatively more complicated task: integrate KNOX with an Idp and
specifically with a Keycloak installation which uses OpenID.

I've tried following the User Guide and my current state is I get
redirected to the Keycloak Login portal, I enter my credentials and then
get back to the KnoxSSO urls with an error 500. The log files contain:

gateway.log:

Caused by: java.lang.IllegalArgumentException: The client authentication
must not be null
at com.nimbusds.oauth2.sdk.TokenRequest.<init>(TokenRequest.java:87)
at com.nimbusds.oauth2.sdk.TokenRequest.<init>(TokenRequest.java:112)

gateway-audit.log:

17/10/02 18:07:17
||287109de-665e-469e-811e-8991550b27e6|audit|91.138.248.128|WEBHDFS||||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|unavailable|Request
method: GET
17/10/02 18:07:17
||287109de-665e-469e-811e-8991550b27e6|audit|91.138.248.128|WEBHDFS||||access|uri|/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|success|Response
status: 302
17/10/02 18:07:17
||a17b49de-dcf6-4bf1-90b1-6f2551e5380f|audit|91.138.248.128|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=
https://83.212.114.145:8443/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|unavailable|Request
method: GET
17/10/02 18:07:17
||a17b49de-dcf6-4bf1-90b1-6f2551e5380f|audit|91.138.248.128|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=
https://83.212.114.145:8443/gateway/sandbox/webhdfs/v1/?op=GETHOMEDIRECTORY|success|Response
status: 302
17/10/02 18:07:17
||0cef72c6-e010-4275-a309-66124e7a1cdb|audit|91.138.248.128|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=OidcClient&state=8_-8Ni4pQynijY1ov26rNhXAYkWBWx10GyqJSnZHXYA&code=dFHZBD2zpFbZYFLUArBdHaA1Nb_uEoDzHhULpehX7Sg.cbc5dae7-3532-4e56-a530-de1ea90b078a|unavailable|Request
method: GET
17/10/02 18:07:17
||0cef72c6-e010-4275-a309-66124e7a1cdb|audit|91.138.248.128|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=OidcClient&state=8_-8Ni4pQynijY1ov26rNhXAYkWBWx10GyqJSnZHXYA&code=dFHZBD2zpFbZYFLUArBdHaA1Nb_uEoDzHhULpehX7Sg.cbc5dae7-3532-4e56-a530-de1ea90b078a|failure|

Also, Keycloak does not report something out of the ordinary.

My question is if and how to further debug this. I also wanted to try a
bearer-only configuration but the documentation is not clear enough for the
configuration.

Please. Help.

KR,
Nick Vidiadakis

Reply via email to