If you change the service.xml or rewrite.xml you also need to touch or modify the topology to create a redeployment. You should see in the gateway.log that the topology was redeployed. If you don't see that, your changes probably didn't take effect.
Kevin Risden On Thu, Dec 20, 2018 at 9:20 AM Tomislav Novosel <[email protected]> wrote: > > I changed line: > <dispatch > classname="org.apache.knox.gateway.dispatch.PassAllHeadersDispatch"/> > in service.xml > to: > <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch"/> > > and name of authentication provider I changed from anonymous to ShiroProvider. > Nothing happened. Access is open as it was. > > Tom > > On Thu, 20 Dec 2018 at 14:39, larry mccay <[email protected]> wrote: >> >> If you followed the proxying article and your service definition is >> indicating the anonymous authentication provider then that is the issue. >> That overrides any provider configured in the topology. >> >> >> On Thu, Dec 20, 2018, 8:27 AM Kevin Risden <[email protected] wrote: >>> >>> If your service.xml has >>> >>> <dispatch >>> classname="org.apache.knox.gateway.dispatch.PassAllHeadersDispatch"/> >>> >>> Then all the headers including the AUTHORIZATION header are passed >>> through to the backend. This would mean that your backend is >>> responsible for authentication. >>> >>> If you want Knox to do authentication, either remove the dispatch line >>> or change it to: >>> >>> <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch"/> >>> >>> This will then pass through Kerberized credentials to your backend. If >>> you are looking to do SSO with Knox then proxying isn't required. >>> >>> Kevin Risden >>> On Thu, Dec 20, 2018 at 8:22 AM Tomislav Novosel <[email protected]> >>> wrote: >>> > >>> > Hi Knox team, >>> > >>> > I'm trying to configure LDAP authentication on Knox. I followed this link >>> > to setup simple web application for testing access. It's a simple >>> > HelloWorld. >>> > >>> > https://cwiki.apache.org/confluence/display/KNOX/Proxying+a+UI+using+Knox >>> > >>> > After setup, I've succeeded to access app through Knox gateway. >>> > >>> > I want to restrict access on that webapp URL with some username and >>> > password to type, so I tried to configure LDAP using this link: >>> > >>> > https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Knox_Gateway_Admin_Guide/content/setting_up_ldap_authentication.html >>> > >>> > After that, access was still the same, without user/pass prompt. IDK if >>> > that is even posible with Knox. >>> > In logs I see that access is granted, response code 200. >>> > >>> > How can I achieve user/pass prompt when accessing webapp URL through Knox >>> > gateway? >>> > >>> > Thank you. >>> > BR, >>> > Tom
