Hi Larry,

I can reach the host via browser, but not via ping... Ping results in "Unknown Host", I'm seeing a correlation here...

-Ryan

On Sat, Mar 3, 2018 at 10:32 PM, larry mccay <[email protected]> wrote:

> Hi Ryan -
>
> Welcome to Knox-ville!
>
> Going to start with a very obvious question - can you ping that host from
> the machine where the gateway is running?
>
> thanks,
>
> --larry
>
> On Sat, Mar 3, 2018 at 10:07 PM, Ryan H <[email protected]> wrote:
>
>> Hi All,
>>
>> Disclaimer: I am very new to Knox!
>>
>> I am working on setting up KnoxSSO with an OpenID provider (Cloud Foundry
>> UAA) for AuthN to an application (Apache NiFi). I am running into an issue
>> where it seems that the oidc.discoverUri is resulting in the following
>> error:
>>
>> 2018-03-03 21:59:37,104 ERROR knox.gateway (AbstractGatewayFilter.java:doFilter(69)) - Failed to execute filter: org.pac4j.core.exception.TechnicalException: java.net.UnknownHostException: {guid-id}.sub-uaa.another.zone.aws-us01.something.io
>> 2018-03-03 21:59:37,104 ERROR knox.gateway (GatewayFilter.java:doFilter(177)) - Gateway processing failed: javax.servlet.ServletException: org.pac4j.core.exception.TechnicalException: java.net.UnknownHostException: {guid-id}.sub-uaa.another.zone.aws-us01.something.io
>> javax.servlet.ServletException: org.pac4j.core.exception.TechnicalException: java.net.UnknownHostException: {guid-id}.sub-uaa.another.zone.aws-us01.something.io
>>     at org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:70)
>>     at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:377)
>>     at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:277)
>>     at org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:58)
>>     at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:377)
>>     at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:277)
>>     at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:171)
>>     at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:94)
>>     at org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:141)
>>     at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
>>
>> *Here is my topology from knoxsso.xml config:*
>>
>> <topology>
>>   <gateway>
>>     <provider>
>>       <role>webappsec</role>
>>       <name>WebAppSec</name>
>>       <enabled>true</enabled>
>>       <param><name>xframe.options.enabled</name><value>true</value></param>
>>     </provider>
>>     <provider>
>>       <role>federation</role>
>>       <name>pac4j</name>
>>       <enabled>true</enabled>
>>       <param>
>>         <name>pac4j.callbackUrl</name>
>>         <value>https://localhost:8443/gateway/knoxsso/api/v1/websso</value>
>>       </param>
>>       <param>
>>         <name>clientName</name>
>>         <value>OidcClient</value>
>>       </param>
>>       <param>
>>         <name>oidc.id</name>
>>         <value>some_client_id</value>
>>       </param>
>>       <param>
>>         <name>oidc.secret</name>
>>         <value>some_client_secret</value>
>>       </param>
>>       <param>
>>         <name>oidc.discoveryUri</name>
>>         <value>https://{guid-id}.sub-uaa.another.zone.aws-us01.something.io/.well-known/openid-configuration</value>
>>       </param>
>>       <param>
>>         <name>oidc.preferredJwsAlgorithm</name>
>>         <value>RS256</value>
>>       </param>
>>     </provider>
>>   </gateway>
>>   <application>
>>     <name>knoxauth</name>
>>   </application>
>>   <service>
>>     <role>KNOXSSO</role>
>>     <param>
>>       <name>knoxsso.cookie.secure.only</name>
>>       <value>false</value>
>>     </param>
>>     <param>
>>       <name>knoxsso.token.ttl</name>
>>       <value>3600000</value>
>>     </param>
>>     <param>
>>       <name>knoxsso.redirect.whitelist.regex</name>
>>       <value>^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
>>     </param>
>>   </service>
>> </topology>
>>
>> *Here is my topology from sandbox.xml:*
>>
>> <topology>
>>
>>   <gateway>
>>
>>     <provider>
>>       <role>federation</role>
>>       <name>SSOCookieProvider</name>
>>       <enabled>true</enabled>
>>       <param>
>>         <name>sso.authentication.provider.url</name>
>>         <value>https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso</value>
>>       </param>
>>     </provider>
>>
>>     <provider>
>>       <role>identity-assertion</role>
>>       <name>Default</name>
>>       <enabled>true</enabled>
>>     </provider>
>>
>>   </gateway>
>>
>>   <service>
>>     <role>NIFI</role>
>>     <url>http://localhost:8080</url>
>>   </service>
>>
>> </topology>
>>
>> I was able to use the gateway to get to the NiFi app with basic auth as a
>> connectivity test, and now I want to drop in the OpenID provider for the
>> auth I am really after. Any help is greatly appreciated!
>>
>> Cheers,
>>
>> Ryan H.
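The UnknownHostException in the trace above comes from the gateway process looking up the host in oidc.discoveryUri, so the lookup has to succeed on the gateway machine itself. As an added example (not part of the thread and not Knox code), this Python script reads a knoxsso.xml topology, extracts oidc.discoveryUri and reports whether its host resolves; the function names, status strings, the sample .invalid host and the rule that braces or whitespace make the value malformed are assumptions made for illustration.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a trimmed knoxsso.xml pointing at a reserved .invalid host.
SAMPLE_TOPOLOGY = """<topology><gateway>
  <provider>
    <role>federation</role><name>pac4j</name><enabled>true</enabled>
    <param>
      <name>oidc.discoveryUri</name>
      <value>https://uaa.example.invalid/.well-known/openid-configuration</value>
    </param>
  </provider>
</gateway></topology>"""

def discovery_uri(topology_xml):
    """Return the pac4j provider's oidc.discoveryUri value, or None if absent."""
    root = ET.fromstring(topology_xml)
    for provider in root.iter("provider"):
        if provider.findtext("name", "").strip() != "pac4j":
            continue
        for param in provider.iter("param"):
            if param.findtext("name", "").strip() == "oidc.discoveryUri":
                return param.findtext("value", "")
    return None

def check_discovery_host(topology_xml, resolve=socket.getaddrinfo):
    """Return (host, status); status is one of 'resolves', 'unresolvable',
    'malformed' or 'missing'. `resolve` is injectable for offline testing."""
    uri = discovery_uri(topology_xml)
    if uri is None:
        return None, "missing"
    uri = uri.strip()
    # Assumption: a value with whitespace or a literal {placeholder} cannot be a usable host.
    if any(c.isspace() or c in "{}" for c in uri):
        return None, "malformed"
    host = urlsplit(uri).hostname
    if not host:
        return None, "malformed"
    try:
        resolve(host, 443)  # same question the gateway's resolver has to answer
    except socket.gaierror:
        return host, "unresolvable"
    return host, "resolves"

if __name__ == "__main__":
    print(check_discovery_host(SAMPLE_TOPOLOGY))
```

Run it on the machine where the gateway runs, passing the contents of the real topology file in place of the sample.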
