Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.8.2, 1.0.0
-
None
Description
1. Added the following topology ui.xml in knox topologies :
<topology> <gateway> <provider> <role>authentication</role> <name>Anonymous</name> <enabled>true</enabled> </provider> <provider> <role>identity-assertion</role> <name>Default</name> <enabled>false</enabled> </provider> </gateway> <service> <role>ATLAS</role> <url>http://atlashost:21000</url> </service> <service> <role>ATLAS-API</role> <url>http://atlashost:21000</url> </service> </topology>
2. Accessed Atlas UI via knox proxy :
https://knoxhost:8443/gateway/ui/atlas/
with user admin.
3.Left the page idle for a long time (approx 60 mins) . When refreshed , expected that it would land in login.jsp and ask for username and password. Instead , it logged in as knox user.
Following logs from application logs :
2017-09-22 07:17:23,267 INFO - [Thread-6:] ~ TGT valid starting at: Fri Sep 22 07:17:23 UTC 2017 (Login:302) 2017-09-22 07:17:23,268 INFO - [Thread-6:] ~ TGT expires: Sat Sep 23 07:17:23 UTC 2017 (Login:303) 2017-09-22 07:17:23,268 INFO - [Thread-6:] ~ TGT refresh sleeping until: Sat Sep 23 03:38:59 UTC 2017 (Login:181) 2017-09-22 08:28:23,731 INFO - [pool-2-thread-9:] ~ Logged into Atlas as = knox (AtlasAuthenticationFilter:291) 2017-09-22 08:28:23,732 INFO - [pool-2-thread-9:knox:POST/api/atlas/v2/search/basic] ~ Request from authenticated user: knox, URL=/api/atlas/v2/search/basic (AtlasAuthenticationFilter:305) 2017-09-22 08:28:26,685 INFO - [org.apache.ranger.audit.queue.AuditBatchQueue1:] ~ Audit Status Log: name=atlas.async.multi_dest.batch.solr, interval=01:40:30.245 hours, events=1, succcessCount=1, totalEvents=363, totalSuccessCount=363 (BaseAuditHandler:310) 2017-09-22 08:28:26,706 INFO - [org.apache.ranger.audit.queue.AuditBatchQueue0:] ~ Audit Status Log: name=atlas.async.multi_dest.batch.hdfs, interval=01:40:30.247 hours, events=1, succcessCount=1, totalEvents=363, totalSuccessCount=363 (BaseAuditHandler:310)
Note : Accessed Atlas UI at 08:28:23,731 after 07:17:23,268
No suspicious logs from knox gateway.log.
4. Tried to reproduce the issue by deleting the ATLASSESSIONID and refreshed the page. This time it landed in login.jsp correctly.
Not sure what other cases can reproduce this issue.
Attached the video recording of the scenario explained.
Note : Ranger Atlas plugin is enabled. Not sure where Atlas fetches the knox user from. Atlas' users-credentials.properties has only admin and rangertagsync users.
Attachments
Attachments
Issue Links
- links to