Your topology file looks good, I don't see we do anything with authentication in the websocket layer. Do you get any errors on Knox side ? or in Ambari logs ?
Best, Sandeep On Tue, Jul 31, 2018 at 3:32 PM T Smith <[email protected]> wrote: > Hi all, > > I'm using Ambari 2.7 and Knox 1.1. For the websocket connection (stomp) I > see Knox establish everything correctly with the browser (101) but then > fail to establish a corresponding connection with Ambari. It looks like it > is not adding the necessary authentication header. > > GET /api/stomp/v1/websocket HTTP/1.1 > Host: knox-update-18642-hadoop-edge:8080 > Upgrade: websocket > Connection: Upgrade > Sec-WebSocket-Key: TRtEre7kaIjOTsa2X141Cw== > Sec-WebSocket-Version: 13 > Pragma: no-cache > Cache-Control: no-cache > Cookie: io=BI4GrKnjHdccXkqCAAAI > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 > Origin: https://knox.service.dc1.pnda.local:8443 > User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 > > > HTTP/1.1 403 Missing authentication token > Date: Tue, 31 Jul 2018 19:20:48 GMT > X-Frame-Options: DENY > X-XSS-Protection: 1; mode=block > X-Content-Type-Options: nosniff > Pragma: no-cache > X-Content-Type-Options: nosniff > Content-Type: text/plain;charset=iso-8859-1 > Content-Length: 64 > > { > "status": 403, > "message": "Missing authentication token" > } > > My topology is pretty simple for Ambari. > > <topology> > <gateway> > <provider> > <role>authentication</role> > <name>Anonymous</name> > <enabled>true</enabled> > </provider> > <provider> > <role>identity-assertion</role> > <name>Default</name> > <enabled>false</enabled> > </provider> > </gateway> > > <service> > <role>AMBARI</role> > <url>http://knox-update-18642-hadoop-edge:8080</url> > </service> > > <service> > <role>AMBARIUI</role> > <url>http://knox-update-18642-hadoop-edge:8080</url> > </service> > > <service> > <role>AMBARIWS</role> > <url>ws://knox-update-18642-hadoop-edge:8080</url> > </service> > > </topology> > > Did I miss something? > > Cheers, > /ailuropod4 >
