Maybe you have a proxy configured in your browser to allow you to get there.

On Sat, Mar 3, 2018 at 10:35 PM, Ryan H <[email protected]> wrote:

> Hi Larry,
>
> I can reach the host via browser, but not via ping... Ping results in
> "Unknown Host", I'm seeing a correlation here...
>
> -Ryan
>
> On Sat, Mar 3, 2018 at 10:32 PM, larry mccay <[email protected]> wrote:
>
>> Hi Ryan -
>>
>> Welcome to Knox-ville!
>>
>> Going to start with a very obvious question - can you ping that host from
>> the machine where the gateway is running?
>>
>> thanks,
>>
>> --larry
>>
>> On Sat, Mar 3, 2018 at 10:07 PM, Ryan H <ryan.howell.development@gmail.com> wrote:
>>
>>> Hi All,
>>>
>>> Disclaimer: I am very new to Knox!
>>>
>>> I am working on setting up KnoxSSO with an OpenID provider (Cloud
>>> Foundry UAA) for AuthN to an application (Apache NiFi). I am running into
>>> an issue where it seems that the oidc.discoverUri is resulting in the
>>> following error:
>>>
>>> 2018-03-03 21:59:37,104 ERROR knox.gateway (AbstractGatewayFilter.java:doFilter(69)) - Failed to execute filter: org.pac4j.core.exception.TechnicalException: java.net.UnknownHostException: {guid-id}.sub-uaa.another.zone.aws-us01.something.io
>>> 2018-03-03 21:59:37,104 ERROR knox.gateway (GatewayFilter.java:doFilter(177)) - Gateway processing failed: javax.servlet.ServletException: org.pac4j.core.exception.TechnicalException: java.net.UnknownHostException: {guid-id}.sub-uaa.another.zone.aws-us01.something.io
>>> javax.servlet.ServletException: org.pac4j.core.exception.TechnicalException: java.net.UnknownHostException: {guid-id}.sub-uaa.another.zone.aws-us01.something.io
>>>     at org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:70)
>>>     at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:377)
>>>     at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:277)
>>>     at org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:58)
>>>     at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:377)
>>>     at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:277)
>>>     at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:171)
>>>     at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:94)
>>>     at org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:141)
>>>     at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
>>>
>>> *Here is my topology from knoxsso.xml config:*
>>>
>>> <topology>
>>>   <gateway>
>>>     <provider>
>>>       <role>webappsec</role>
>>>       <name>WebAppSec</name>
>>>       <enabled>true</enabled>
>>>       <param><name>xframe.options.enabled</name><value>true</value></param>
>>>     </provider>
>>>     <provider>
>>>       <role>federation</role>
>>>       <name>pac4j</name>
>>>       <enabled>true</enabled>
>>>       <param>
>>>         <name>pac4j.callbackUrl</name>
>>>         <value>https://localhost:8443/gateway/knoxsso/api/v1/websso</value>
>>>       </param>
>>>       <param>
>>>         <name>clientName</name>
>>>         <value>OidcClient</value>
>>>       </param>
>>>       <param>
>>>         <name>oidc.id</name>
>>>         <value>some_client_id</value>
>>>       </param>
>>>       <param>
>>>         <name>oidc.secret</name>
>>>         <value>some_client_secret</value>
>>>       </param>
>>>       <param>
>>>         <name>oidc.discoveryUri</name>
>>>         <value>https://{guid-id}.sub-uaa.another.zone.aws-us01.something.io/.well-known/openid-configuration</value>
>>>       </param>
>>>       <param>
>>>         <name>oidc.preferredJwsAlgorithm</name>
>>>         <value>RS256</value>
>>>       </param>
>>>     </provider>
>>>   </gateway>
>>>   <application>
>>>     <name>knoxauth</name>
>>>   </application>
>>>   <service>
>>>     <role>KNOXSSO</role>
>>>     <param>
>>>       <name>knoxsso.cookie.secure.only</name>
>>>       <value>false</value>
>>>     </param>
>>>     <param>
>>>       <name>knoxsso.token.ttl</name>
>>>       <value>3600000</value>
>>>     </param>
>>>     <param>
>>>       <name>knoxsso.redirect.whitelist.regex</name>
>>>       <value>^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
>>>     </param>
>>>   </service>
>>> </topology>
>>>
>>> *Here is my topology from sandbox.xml:*
>>>
>>> <topology>
>>>
>>>   <gateway>
>>>
>>>     <provider>
>>>       <role>federation</role>
>>>       <name>SSOCookieProvider</name>
>>>       <enabled>true</enabled>
>>>       <param>
>>>         <name>sso.authentication.provider.url</name>
>>>         <value>https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso</value>
>>>       </param>
>>>     </provider>
>>>
>>>     <provider>
>>>       <role>identity-assertion</role>
>>>       <name>Default</name>
>>>       <enabled>true</enabled>
>>>     </provider>
>>>
>>>   </gateway>
>>>
>>>   <service>
>>>     <role>NIFI</role>
>>>     <url>http://localhost:8080</url>
>>>   </service>
>>>
>>> </topology>
>>>
>>> I was able to use the gateway to get to the NiFi app with basic auth as
>>> a connectivity test, and now I want to drop in the OpenID provider for the
>>> auth I am really after. Any help is greatly appreciated!
>>>
>>> Cheers,
>>>
>>> Ryan H.
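
Added example (not part of the original thread, and not Knox or pac4j code): a Python check to run on the gateway machine that pulls `oidc.discoveryUri` out of a topology and tests whether the local resolver, with no browser proxy in the path, can resolve its host. The sample topology, the host `uaa.example.invalid` and the function names are constructed for illustration.

```python
import os
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: same shape as the pac4j provider in the thread's
# knoxsso.xml, with a placeholder host under the reserved .invalid TLD.
SAMPLE_TOPOLOGY = """<topology><gateway><provider>
  <role>federation</role><name>pac4j</name><enabled>true</enabled>
  <param>
    <name>oidc.discoveryUri</name>
    <value>https://uaa.example.invalid/.well-known/openid-configuration</value>
  </param>
</provider></gateway></topology>"""

def discovery_host(topology_xml):
    """Return the hostname of the oidc.discoveryUri param, or None."""
    root = ET.fromstring(topology_xml)
    for param in root.iter("param"):
        if (param.findtext("name") or "").strip() == "oidc.discoveryUri":
            return urlsplit((param.findtext("value") or "").strip()).hostname
    return None

def resolves(host, lookup=socket.getaddrinfo):
    """True if the local resolver can resolve host; no HTTP proxy is involved."""
    try:
        return bool(lookup(host, 443, type=socket.SOCK_STREAM))
    except socket.gaierror:
        return False

def diagnose(topology_xml, env=None, lookup=socket.getaddrinfo):
    """Summarise whether the gateway host itself can resolve the IdP name."""
    env = os.environ if env is None else env
    host = discovery_host(topology_xml)
    # Proxy variables honoured by many command-line tools; a browser keeps
    # its own proxy settings, so it can reach hosts this machine cannot resolve.
    proxy_env = {k: v for k, v in env.items()
                 if k.lower() in ("http_proxy", "https_proxy")}
    return {"host": host,
            "resolves": bool(host) and resolves(host, lookup),
            "proxy_env": proxy_env}

if __name__ == "__main__":
    # Run on the machine where the gateway runs, as larry's question suggests.
    print(diagnose(SAMPLE_TOPOLOGY))
```

A result with `resolves` false while the browser still loads the discovery URL points to name resolution happening at a proxy rather than on the gateway host.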
