atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sharmadha Sainath (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ATLAS-2166) On refreshing Atlas page logged in via Knox proxy ,which has ATLASSESSION ID expired (idle for a long time) , logs in as knox user.
Date Fri, 22 Sep 2017 08:59:00 GMT
Sharmadha Sainath created ATLAS-2166:
----------------------------------------

             Summary: On refreshing Atlas page logged in via Knox proxy ,which has ATLASSESSION
ID expired (idle for a long time) , logs in as knox user.
                 Key: ATLAS-2166
                 URL: https://issues.apache.org/jira/browse/ATLAS-2166
             Project: Atlas
          Issue Type: Bug
          Components: atlas-intg
    Affects Versions: 0.9-incubating
            Reporter: Sharmadha Sainath
         Attachments: Atlas_knox_proxy_1.mov

1. Added the following topology ui.xml in knox topologies :
{code}
<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>Anonymous</name>
            <enabled>true</enabled>
        </provider>
        <provider>
            <role>identity-assertion</role>
            <name>Default</name>
            <enabled>false</enabled>
        </provider>
    </gateway>
<service>
        <role>ATLAS</role>
        <url>http://atlashost:21000</url>
    </service>
<service>
        <role>ATLAS-API</role>
        <url>http://atlashost:21000</url>
    </service>
</topology>
{code}

2. Accessed Atlas UI via knox proxy :
{code}
https://knoxhost:8443/gateway/ui/atlas/
{code}
with user admin.

3.Left the page idle for a long time (approx 60 mins) . When refreshed , expected that it
would land in login.jsp and ask for username and password. Instead , it logged in as knox
user. 

Following logs from application logs :
{code}
2017-09-22 07:17:23,267 INFO  - [Thread-6:] ~ TGT valid starting at:        Fri Sep 22 07:17:23
UTC 2017 (Login:302)
2017-09-22 07:17:23,268 INFO  - [Thread-6:] ~ TGT expires:                  Sat Sep 23 07:17:23
UTC 2017 (Login:303)
2017-09-22 07:17:23,268 INFO  - [Thread-6:] ~ TGT refresh sleeping until: Sat Sep 23 03:38:59
UTC 2017 (Login:181)
2017-09-22 08:28:23,731 INFO  - [pool-2-thread-9:] ~ Logged into Atlas as = knox (AtlasAuthenticationFilter:291)
2017-09-22 08:28:23,732 INFO  - [pool-2-thread-9:knox:POST/api/atlas/v2/search/basic] ~ Request
from authenticated user: knox, URL=/api/atlas/v2/search/basic (AtlasAuthenticationFilter:305)
2017-09-22 08:28:26,685 INFO  - [org.apache.ranger.audit.queue.AuditBatchQueue1:] ~ Audit
Status Log: name=atlas.async.multi_dest.batch.solr, interval=01:40:30.245 hours, events=1,
succcessCount=1, totalEvents=363, totalSuccessCount=363 (BaseAuditHandler:310)
2017-09-22 08:28:26,706 INFO  - [org.apache.ranger.audit.queue.AuditBatchQueue0:] ~ Audit
Status Log: name=atlas.async.multi_dest.batch.hdfs, interval=01:40:30.247 hours, events=1,
succcessCount=1, totalEvents=363, totalSuccessCount=363 (BaseAuditHandler:310)
{code}

Note : Accessed Atlas UI at 08:28:23,731 after 07:17:23,268

No suspicious logs from knox gateway.log.

4. Tried to reproduce the issue by deleting the ATLASSESSIONID and refreshed the page. This
time it landed in login.jsp correctly.

Not sure what other cases can reproduce this issue.

Attached the video recording of the scenario explained.

Note : Ranger Atlas plugin is enabled. Not sure where Atlas fetches the knox user from. Atlas'
users-credentials.properties has only admin and rangertagsync users.




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message