metron-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From larry mccay <larry.mc...@gmail.com>
Subject Re: Metron with Knox and reload issue
Date Thu, 02 Apr 2020 04:32:15 GMT
Hi Tom -

I assume you are using KnoxSSO.
Generally, the redirect loop is a result of one of a few things:

1. cookie isn't being presented by the browser
   a. it is set as http only and you have disabled SSL in knox
   b. the domain of the cookie is different from the domain of the endpoint
2. the cookie was never successfully set on the browser

Checking that the hadoop-jwt cookie is set on the browser in developer
tools is the place to start.

HTH,

--larry

On Wed, Apr 1, 2020 at 12:05 PM Yerex, Tom <tom.yerex@ubc.ca> wrote:

> Thanks Nick. If I find a solution I'll share that with the community. It
> might be PEBCAK, that remains to figure out.
>
> ;-)
>
> --
>
> *Tom Yerex*
>
> Cybersecurity Analyst, Information Technology
>
> Cybersecurity | CISO Office
>
> The University of British Columbia | Musqueam Traditional Territory
>
> Ponderosa Office Annex A | Vancouver BC | V6T1Z2 Canada
>
> Phone 604 822 6531
>
> Privacy Matters @ UBC
>
>
> On 2020-04-01 07:05:57-07:00 Nick Allen wrote:
>
> I am not sure Tom.  Wish I could help. I'd suggest also asking on the
> Apache Knox help forums.
>
> On Sat, Mar 28, 2020 at 2:27 AM Yerex, Tom <tom.yerex@ubc.ca> wrote:
>
>> Good evening,
>>
>> Working with the instructions from hxxps://
>> github.com/apache/metron/tree/master/metron-interface
>>
>> This is a new installation and we are using LDAP with Metron and now
>> attempting to use Knox for access control.
>>
>> Using Apache Metron Management and Alerts UI directly, the login works
>> with LDAP credentials. When I try to access Metron Alerts or Management UI
>> through the Apache Knox Gateway, it seems to get locked into an infinite
>> refresh loop after authentication is successful.
>>
>> I am not sure if this has any bearing, we are using a self-signed
>> certificate, although Metron Alerts and Management UI are simply over the
>> standard ports with no SSL enabled.
>>
>> I have worked with Angular using nginx as a reverse-proxy for multiple
>> Angular sites, and vaguely recall similar behaviour due to the way node
>> must be made aware of the new URL path.
>>
>> For example, Angular/node expects the main URL to be "/", but when a
>> reverse-proxy is applied the path may change to become "/site1/", and so
>> additional steps need to be taken.
>>
>> I'm still not familiar enough with Knox, so I'm hoping someone else has
>> faced this problem and can offer insight.
>>
>> Thank you,
>>
>> Tom.
>>
>>
>>
>>
>>
>

Mime
View raw message