atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nixon Rodrigues (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ATLAS-2166) On refreshing Atlas page logged in via Knox proxy ,which has ATLASSESSION ID expired (idle for a long time) , logs in as knox user.
Date Fri, 13 Oct 2017 12:28:00 GMT

     [ https://issues.apache.org/jira/browse/ATLAS-2166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Nixon Rodrigues updated ATLAS-2166:
-----------------------------------
    Attachment: ATLAS-2166.2.patch

> On refreshing Atlas page logged in via Knox proxy ,which has ATLASSESSION ID expired
(idle for a long time) , logs in as knox user.
> -----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-2166
>                 URL: https://issues.apache.org/jira/browse/ATLAS-2166
>             Project: Atlas
>          Issue Type: Bug
>          Components: atlas-intg
>    Affects Versions: 1.0.0, 0.8.2
>            Reporter: Sharmadha Sainath
>            Assignee: Nixon Rodrigues
>         Attachments: ATLAS-2166.2.patch, ATLAS-2166.patch, Atlas_knox_proxy_1.mov
>
>
> 1. Added the following topology ui.xml in knox topologies :
> {code}
> <topology>
>     <gateway>
>         <provider>
>             <role>authentication</role>
>             <name>Anonymous</name>
>             <enabled>true</enabled>
>         </provider>
>         <provider>
>             <role>identity-assertion</role>
>             <name>Default</name>
>             <enabled>false</enabled>
>         </provider>
>     </gateway>
> <service>
>         <role>ATLAS</role>
>         <url>http://atlashost:21000</url>
>     </service>
> <service>
>         <role>ATLAS-API</role>
>         <url>http://atlashost:21000</url>
>     </service>
> </topology>
> {code}
> 2. Accessed Atlas UI via knox proxy :
> {code}
> https://knoxhost:8443/gateway/ui/atlas/
> {code}
> with user admin.
> 3.Left the page idle for a long time (approx 60 mins) . When refreshed , expected that
it would land in login.jsp and ask for username and password. Instead , it logged in as knox
user. 
> Following logs from application logs :
> {code}
> 2017-09-22 07:17:23,267 INFO  - [Thread-6:] ~ TGT valid starting at:        Fri Sep 22
07:17:23 UTC 2017 (Login:302)
> 2017-09-22 07:17:23,268 INFO  - [Thread-6:] ~ TGT expires:                  Sat Sep 23
07:17:23 UTC 2017 (Login:303)
> 2017-09-22 07:17:23,268 INFO  - [Thread-6:] ~ TGT refresh sleeping until: Sat Sep 23
03:38:59 UTC 2017 (Login:181)
> 2017-09-22 08:28:23,731 INFO  - [pool-2-thread-9:] ~ Logged into Atlas as = knox (AtlasAuthenticationFilter:291)
> 2017-09-22 08:28:23,732 INFO  - [pool-2-thread-9:knox:POST/api/atlas/v2/search/basic]
~ Request from authenticated user: knox, URL=/api/atlas/v2/search/basic (AtlasAuthenticationFilter:305)
> 2017-09-22 08:28:26,685 INFO  - [org.apache.ranger.audit.queue.AuditBatchQueue1:] ~ Audit
Status Log: name=atlas.async.multi_dest.batch.solr, interval=01:40:30.245 hours, events=1,
succcessCount=1, totalEvents=363, totalSuccessCount=363 (BaseAuditHandler:310)
> 2017-09-22 08:28:26,706 INFO  - [org.apache.ranger.audit.queue.AuditBatchQueue0:] ~ Audit
Status Log: name=atlas.async.multi_dest.batch.hdfs, interval=01:40:30.247 hours, events=1,
succcessCount=1, totalEvents=363, totalSuccessCount=363 (BaseAuditHandler:310)
> {code}
> Note : Accessed Atlas UI at 08:28:23,731 after 07:17:23,268
> No suspicious logs from knox gateway.log.
> 4. Tried to reproduce the issue by deleting the ATLASSESSIONID and refreshed the page.
This time it landed in login.jsp correctly.
> Not sure what other cases can reproduce this issue.
> Attached the video recording of the scenario explained.
> Note : Ranger Atlas plugin is enabled. Not sure where Atlas fetches the knox user from.
Atlas' users-credentials.properties has only admin and rangertagsync users.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message