If your service.xml has <dispatch classname="org.apache.knox.gateway.dispatch.PassAllHeadersDispatch"/>
Then all the headers including the AUTHORIZATION header are passed through to the backend. This would mean that your backend is responsible for authentication. If you want Knox to do authentication, either remove the dispatch line or change it to: <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch"/> This will then pass through Kerberized credentials to your backend. If you are looking to do SSO with Knox then proxying isn't required. Kevin Risden On Thu, Dec 20, 2018 at 8:22 AM Tomislav Novosel <[email protected]> wrote: > > Hi Knox team, > > I'm trying to configure LDAP authentication on Knox. I followed this link to > setup simple web application for testing access. It's a simple HelloWorld. > > https://cwiki.apache.org/confluence/display/KNOX/Proxying+a+UI+using+Knox > > After setup, I've succeeded to access app through Knox gateway. > > I want to restrict access on that webapp URL with some username and password > to type, so I tried to configure LDAP using this link: > > https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Knox_Gateway_Admin_Guide/content/setting_up_ldap_authentication.html > > After that, access was still the same, without user/pass prompt. IDK if that > is even posible with Knox. > In logs I see that access is granted, response code 200. > > How can I achieve user/pass prompt when accessing webapp URL through Knox > gateway? > > Thank you. > BR, > Tom
