Replies: 3
We have successfully configured ambari with Active Directory to the point where can see a successful authentication and authorization call, but we are never actually logged in. The successful calls are shown below from the ambari-server.log…
[root@cmhlpbigdapp01 conf]# grep succ auth.txt
07:02:51,729 DEBUG [qtp1171366715-24 - /api/v1/users/showard?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name&_=1418817771197] BasicAuthenticationFilter:171 - Authentication success: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@c89bf82e: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@c89b8f82: Dn: cn=Howard\, Steve,ou=DC1,ou=User Accounts,ou=ILM Managed,dc=fake,dc=domain; Username: showard; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff8868: RemoteIpAddress: 1.1.1.1; SessionId: null; Not granted any authorities
07:02:51,763 DEBUG [qtp1171366715-24 - /api/v1/users/showard?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name&_=1418817771197] FilterSecurityInterceptor:215 - Authorization successful
[root@cmhlpbigdapp01 conf]#
The browser returns the following text…
Unable to connect to Ambari Server. Confirm Ambari Server is running and you can reach Ambari Server from this machine.
The log also has the following…
07:02:51,840 DEBUG [qtp1171366715-24 - /api/v1/users/showard?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name&_=1418817771197] HttpSessionSecurityContextRepository:292 - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@c89bf82e: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@c89bf82e: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@c89b8f82: Dn: cn=Howard\, Steve,ou=DC1,ou=User Accounts,ou=ILM Managed,dc=fake,dc=domain; Username: showard; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff8868: RemoteIpAddress: 1.1.1.1; SessionId: null; Not granted any authorities'
Our understanding is we should be able to add these accounts to local ambari roles once authenticated. What are we missing?