Hello Paul,

Thanks for your support. I am able to prototype it; as my Shiro was not updated, it resolved after updating to the latest version.

Thanks,
Jaideep Singh

On Wednesday, May 3, 2017, Paul Brenner <pbren...@placeiq.com> wrote:

> Unfortunately I haven't seen a ton of Shiro expertise on this list. Maybe
> someone will know the answer to your problem but my guess is that you are
> going to have to troubleshoot this by stripping out all that fancy
> complexity until you get a basic shiro.ini that works and then methodically
> add pieces back in until you see what is breaking. Once you know what is
> going on we would all appreciate your help adding to the documentation for
> using shiro with zeppelin.
>
> Paul Brenner
> DATA SCIENTIST
>
> On Wed, May 03, 2017 at 8:36 AM Jaideep Singh wrote:
>
>> Also attaching the screenshot for 2 JSession id which I got after
>> redirection.
>>
>> On Wed, May 3, 2017 at 5:18 PM, Jaideep Singh <jaideep...@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I have used SAML based SSO authentication on zeppelin url which is on
>>> localhost:8080. I am able to load the zeppelin page successfully if I
>>> disable the shiro.ini file. I have used SSO authentication with wso2,
>>> configured in shiro.ini with metadata for idp and sp provided there.
>>> But after redirection from idp to zeppelin / url I am not able to load
>>> the page.
>>>
>>> Following are the assumptions for the problem occurrence:
>>> * Problem may be due to the websocket calls which are not initiating
>>>   after redirection, but I can see it works if no authentication applied.
>>> * I am getting JSessionid after redirection from IDP. Is Zeppelin
>>>   server also providing JSessionid which may cause conflicts?
>>>
>>> Please help me to identify the problem.
>>>
>>> I am attaching the log file and shiro.ini.
>>>
>>> I have checked the log file; the error I am getting is:
>>>
>>> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler - chain=org.apache.zeppelin.server.CorsFilter-5ae50ce6->ShiroFilter->org.eclipse.jetty.servlet.DefaultServlet-69b2283a@5b910f06==org.eclipse.jetty.servlet.DefaultServlet,-1,true
>>> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler - call filter org.apache.zeppelin.server.CorsFilter-5ae50ce6
>>> 17:01:05.402 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.e.jetty.servlet.ServletHandler - call filter ShiroFilter
>>> 17:01:05.403 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.mgt.DefaultSecurityManager - Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
>>> org.apache.shiro.session.UnknownSessionException: There is no session with id [804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]
>>>     at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170) ~[shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236) ~[shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222) ~[shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118) ~[shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108) ~[shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100) ~[shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125) ~[shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) [shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) [shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) [shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) [shiro-core-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) [shiro-web-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) [shiro-web-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) [shiro-web-1.2.3.jar:1.2.3]
>>>     at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
>>>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.apache.zeppelin.server.CorsFilter.doFilter(CorsFilter.java:72) [classes/:na]
>>>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) [jetty-security-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) [jetty-servlet-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.Server.handle(Server.java:499) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) [jetty-server-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) [jetty-io-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) [jetty-util-9.2.15.v20160210.jar:9.2.15.v20160210]
>>>     at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.s.s.mgt.DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.a.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=1ba59f91-fe61-4153-b45d-4d1b4f813a05; Path=/; HttpOnly]
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.p.s.context.SAML2ContextProvider - Creating message storage by org.pac4j.saml.storage.EmptyStorageFactory
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.r.i.AbstractMetadataResolver - Metadata backing store does not contain any EntityDescriptors with the ID: zeppelin
>>> 17:01:05.404 [qtp1663619914-60 - /;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket] DEBUG o.o.s.m.support.SAML2MetadataSupport - Selecting default IndexedEndpoint
>>>
>>> Thanks and Regards,
>>> Jaideep Singh
>>>
>>> On Tue, May 2, 2017 at 5:24 PM, Paul Brenner <pbren...@placeiq.com> wrote:
>>>
>>>> That is an impressively complex shiro.ini!
>>>>
>>>> 500 sounds like something isn't loading correctly. Have you looked at
>>>> the logs in /var/log/zeppelin?
>>>>
>>>> Paul Brenner
>>>> DATA SCIENTIST
>>>>
>>>> On Tue, May 02, 2017 at 1:51 AM Jaideep Singh wrote:
>>>>
>>>>> +us...@zeppelin.incubator.apache.org
>>>>>
>>>>> On Mon, May 1, 2017 at 6:01 PM, Jaideep Singh <jaideep...@gmail.com> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I am not able to load the zeppelin page after redirection from IDP.
>>>>>> The page loads with error 500.
>>>>>> I am using SAML based authentication for securing zeppelin home page
>>>>>> URL.
>>>>>> Please find the shiro.ini file as follows:
>>>>>>
>>>>>> [main]
>>>>>> ############################################################################
>>>>>> # PROVIDERS :
>>>>>> ############################################################################
>>>>>> subjectFactory = io.buji.pac4j.ClientSubjectFactory
>>>>>> securityManager.subjectFactory = $subjectFactory
>>>>>>
>>>>>> facebookClient = org.pac4j.oauth.client.FacebookClient
>>>>>> facebookClient.key = 145278422258960
>>>>>> facebookClient.secret = be21409ba8f39b5dae2a7de525484da8
>>>>>>
>>>>>> twitterClient = org.pac4j.oauth.client.TwitterClient
>>>>>> twitterClient.key = CoxUiYwQOSFDReZYdjigBA
>>>>>> twitterClient.secret = 2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs
>>>>>>
>>>>>> simpleAuthenticator = org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator
>>>>>>
>>>>>> formClient = org.pac4j.http.client.indirect.FormClient
>>>>>> formClient.loginUrl = http://10.11.198.126:8083/loginForm.jsp
>>>>>> formClient.authenticator = $simpleAuthenticator
>>>>>>
>>>>>> basicAuthClient = org.pac4j.http.client.indirect.IndirectBasicAuthClient
>>>>>> basicAuthClient.authenticator = $simpleAuthenticator
>>>>>>
>>>>>> casClient = org.pac4j.cas.client.CasClient
>>>>>> casClient.casLoginUrl = https://casserverpac4j.herokuapp.com
>>>>>> #casClient.gateway=true
>>>>>>
>>>>>> vkClient = org.pac4j.oauth.client.VkClient
>>>>>> vkClient.key = 4224582
>>>>>> vkClient.secret = nDc4IHTqu8ioFMkHKifq
>>>>>>
>>>>>> saml2Config = org.pac4j.saml.client.SAML2ClientConfiguration
>>>>>> saml2Config.keystorePath = samlKeystore.jks
>>>>>> saml2Config.keystorePassword = pac4j-demo-passwd
>>>>>> saml2Config.privateKeyPassword = pac4j-demo-passwd
>>>>>> saml2Config.identityProviderMetadataPath = metadata-okta.xml
>>>>>> saml2Config.maximumAuthenticationLifetime = 3600
>>>>>> saml2Config.serviceProviderEntityId = zeppelin
>>>>>> saml2Config.serviceProviderMetadataPath = sp-metadata.xml
>>>>>>
>>>>>> saml2Client = org.pac4j.saml.client.SAML2Client
>>>>>> saml2Client.configuration = $saml2Config
>>>>>>
>>>>>> clients = org.pac4j.core.client.Clients
>>>>>> clients.callbackUrl = http://10.11.198.126:8083/callback
>>>>>> clients.clients = $facebookClient,$twitterClient,$formClient,$basicAuthClient,$casClient,$vkClient,$saml2Client
>>>>>>
>>>>>> ############################################################################
>>>>>> # REALM & FILTERS :
>>>>>> ############################################################################
>>>>>>
>>>>>> clientsRealm = io.buji.pac4j.ClientRealm
>>>>>> #clientsRealm = org.apache.zeppelin.realm.PamRealm
>>>>>> clientsRealm.defaultRoles = ROLE_USER
>>>>>> clientsRealm.clients = $clients
>>>>>>
>>>>>> clientsFilter = io.buji.pac4j.ClientFilter
>>>>>> clientsFilter.clients = $clients
>>>>>> clientsFilter.failureUrl = /error500.jsp
>>>>>>
>>>>>> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
>>>>>> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>>>>>> securityManager.cacheManager = $cacheManager
>>>>>>
>>>>>> securityManager.sessionManager = $sessionManager
>>>>>> securityManager.sessionManager.globalSessionTimeout = 86400000
>>>>>>
>>>>>> facebookRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> facebookRoles.client = $facebookClient
>>>>>> twitterRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> twitterRoles.client = $twitterClient
>>>>>> formRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> formRoles.client = $formClient
>>>>>> basicAuthRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> basicAuthRoles.client = $basicAuthClient
>>>>>> casRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> casRoles.client = $casClient
>>>>>> vkRoles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> vkRoles.client = $vkClient
>>>>>> saml2Roles = io.buji.pac4j.filter.ClientRolesAuthorizationFilter
>>>>>> saml2Roles.client = $saml2Client
>>>>>>
>>>>>> [roles]
>>>>>> admin = *
>>>>>>
>>>>>> [urls]
>>>>>> /facebook/** = facebookRoles[ROLE_USER]
>>>>>> /twitter/** = twitterRoles[ROLE_USER]
>>>>>> /form/** = formRoles[ROLE_USER]
>>>>>> /basicauth/** = basicAuthRoles[ROLE_USER]
>>>>>> /cas/** = casRoles[ROLE_USER]
>>>>>> /vk/** = vkRoles[ROLE_USER]
>>>>>> /saml/** = saml2Roles[ROLE_USER]
>>>>>> /callback = clientsFilter
>>>>>> /logout = logout
>>>>>> /** = saml2Roles[ROLE_USER]
>>>>>> /api/version = anon
>>>>>> /api/interpreter/** = authc, roles[admin]
>>>>>> /api/configurations/** = authc, roles[admin]
>>>>>> /api/credential/** = authc, roles[admin]
>>>>>>
>>>>>> I am attaching the video file for the error coming.
>>>>>>
>>>>>> Thanks,
>>>>>> Jaideep Singh
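
In the quoted log, the id that Shiro 1.2.3 failed to look up is the URL's JSESSIONID with the rest of the request path attached, and a fresh JSESSIONID cookie is issued right after, which matches the two session ids reported in the thread. The triage script below is an added example, not code from the thread or from Shiro; the function names and finding labels are hypothetical, and the sample is three lines of the quoted log with the mail wrapping undone.

```python
import re

# Constructed sample: lines from the log quoted in the thread, mail wrapping undone.
REQ = "/;JSESSIONID=804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket"
LOG = f"""\
17:01:05.403 [qtp1663619914-60 - {REQ}] DEBUG o.a.shiro.mgt.DefaultSecurityManager - Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [804affc8-ea2c-40ad-9db8-0492c9f1f134/api/security/ticket]
17:01:05.404 [qtp1663619914-60 - {REQ}] DEBUG o.a.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=1ba59f91-fe61-4153-b45d-4d1b4f813a05; Path=/; HttpOnly]
"""

THREAD_PATH = re.compile(r"\[qtp[\w-]+ - (\S+)\]")
UNKNOWN = re.compile(r"UnknownSessionException: There is no session with id \[([^\]]*)\]")
NEW_COOKIE = re.compile(r"Added HttpServletResponse Cookie \[JSESSIONID=([^;\]]+)")


def path_param(path, name="JSESSIONID"):
    """Value of a ';name=value' path parameter, ending at the next '/', ';', '?' or '#'."""
    m = re.search(";" + re.escape(name) + r"=([^;/?#]*)", path)
    return m.group(1) if m else None


def triage(log):
    """Correlate the id carried in the URL, the id looked up, and any replacement cookie."""
    findings, url_id = [], None
    for line in log.splitlines():
        if (m := THREAD_PATH.search(line)):
            url_id = path_param(m.group(1))
        if (m := UNKNOWN.search(line)):
            looked_up = m.group(1)
            if url_id and looked_up != url_id and looked_up.startswith(url_id):
                # The lookup key ran past the end of the path segment.
                findings.append(("id_overrun", url_id, looked_up[len(url_id):]))
            else:
                findings.append(("unknown_session", looked_up, ""))
        if (m := NEW_COOKIE.search(line)) and url_id and m.group(1) != url_id:
            # The server abandoned the URL's session and started a new one.
            findings.append(("session_replaced", url_id, m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in triage(LOG):
        print(finding)
```

An `id_overrun` finding followed by `session_replaced` means the session established during the IdP redirect is never found again, so every request after the redirect is treated as anonymous.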
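
Shiro evaluates the `[urls]` section in definition order and the first matching pattern decides the filter chain, so the position of `/**` in the quoted shiro.ini matters. The linter below is an added example, not code from the thread or from Shiro: it uses a simplified Ant-style matcher and a probe-based heuristic, and `catch_all_last` is a hypothetical reordering used only to show the difference.

```python
import re

# [urls] section as quoted in the thread's shiro.ini.
URLS = """
/facebook/** = facebookRoles[ROLE_USER]
/twitter/** = twitterRoles[ROLE_USER]
/form/** = formRoles[ROLE_USER]
/basicauth/** = basicAuthRoles[ROLE_USER]
/cas/** = casRoles[ROLE_USER]
/vk/** = vkRoles[ROLE_USER]
/saml/** = saml2Roles[ROLE_USER]
/callback = clientsFilter
/logout = logout
/** = saml2Roles[ROLE_USER]
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
"""


def parse_urls(text):
    """Return [(pattern, chain)] in definition order; the order is significant."""
    rows = (l.partition("=") for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#"))
    return [(p.strip(), c.strip()) for p, _, c in rows]


def to_regex(pattern):
    """Simplified Ant-style matcher: '**' spans segments, '*' and '?' do not."""
    body = pattern[:-3] if pattern.endswith("/**") else pattern
    rx = "".join(".*" if t == "**" else "[^/]*" if t == "*" else "[^/]" if t == "?"
                 else re.escape(t) for t in re.findall(r"\*\*|\*|\?|[^*?]+", body))
    return re.compile(rx + ("(/.*)?" if body != pattern else "") + r"\Z")


def first_match(rules, path):
    """The rule that decides `path`: the first pattern that matches it."""
    return next(((p, c) for p, c in rules if to_regex(p).match(path)), None)


def shadowed(rules):
    """Heuristic: a rule is unreachable if earlier rules win on probe paths built from it."""
    found = []
    for i, (pat, _) in enumerate(rules):
        base = pat[:-3] if pat.endswith("/**") else pat
        probes = [(base or "/").replace("**", "a/b").replace("*", "a").replace("?", "a")]
        if base != pat:
            probes.append(base + "/a/b")
        if all(first_match(rules[:i], p) for p in probes):
            found.append((pat, first_match(rules[:i], probes[0])[0]))
    return found


def catch_all_last(rules):
    """Hypothetical reordering: move the '/**' catch-all after the specific rules."""
    return [r for r in rules if r[0] != "/**"] + [r for r in rules if r[0] == "/**"]


if __name__ == "__main__":
    for pat, by in shadowed(parse_urls(URLS)):
        print(f"{pat} is never reached: {by} matches first")
```

With the section as posted, the four `/api/...` rules are reported as shadowed by `/**`, so their `anon` and `roles[admin]` chains never run.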