Major Description
Issue seen while working Atlas with Knox SSO.
Atlas is set up to use Knox SSO form login for authentication.
DSL Search query : hive_table where name="table_1" is encoded by Atlas as
http://AtlasHost:21000/api/atlas/v2/search/dsl?limit=25&query=hive_table+where+name%3D%22table_1%22
When the above query is fired , it is redirected to knox gateway as :
https:/KnoxGatewayHost:8443/gateway/knoxsso/knoxauth/login.html?originalUrl=http://AtlasHost:21000/api/atlas/v2/search/dsl?limit=25&query=hive_table+where+name%3D%22table_1%22
On providing correct credentials and trying to sign in , knox threw 500 Internal server error with response :
Problem accessing /gateway/knoxsso/api/v1/websso.
Following exceptions are found in knox gateway logs :
2017-02-10 11:19:36,649 INFO service.knoxsso (WebSSOResource.java:getCookieValue(317)) - Unable to find cookie with name: original-url
2017-02-10 11:19:36,653 ERROR service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(294)) - Unable to add cookie to response. Illegal character in query at index 103: http://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:21000/api/atlas/v2/search/dsl?limit=25&query="table_1": [Ljava.lang.StackTraceElement;@479999f5
(Note : host name is masked with "x" chars matching with length of the actual Atlas host name so that "index 103" in gateway logs would make sense)
Actual query was :
hive_table where name="table_"
which now became :
"table_1"
because of the equals character found twice in the query (near query once and near name once)
?limit=25&query=hive_table where name="table_1"
The following query is processed well by Knox as there are no extra "equals"
http://AtlasHost:21000/api/atlas/v2/search/dsl?limit=25&query=hive_table