Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-4901

OpenID Connect Auth Immediately Redirects to /null

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.8.2
    • None
    • rest-api, security, zeppelin-server
    • None

    • Both Windows 10 and macOS

    Description

      I've tried many times following some of the configurations above, but for some strange reason, keep getting redirected to http://ZEPPELIN_ROOT/null. It appears that a request for http://ZEPPELIN_ROOT/api/security/ticket is denied ("401 unauthorized request") and subsequently redirected to{{/null}} (It does this very quickly). Strangely enough, however, I can manually access http://ZEPPELIN_ROOT/api/security/ticket, login, and then once I manually navigate to http://ZEPPELIN_ROOT it shows I'm logged in.

      It appears that the X-Frame Option in the Response header is set to "Deny" even though I changed it to "SAMEORIGIN" in zeppelin-site.xml (Also tried just a blank value).

      I'm really not sure where the null is coming from and not sure what to do (or if OpenID Connect is still supported). I attached my shiro.ini file (localhost:8085 is my Keycloak Root and localhost:8080 is my Zeppelin Root).

      Furthermore, the following is shown in the log "out" file every time I access Zeppelin:

      Jun 21, 2020 10:15:06 PM org.glassfish.jersey.internal.Errors logErrors
WARNING: The following warnings have been detected: WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.InterpreterRestApi.listInterpreter(java.lang.String), should not consume any entity.
WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.CredentialRestApi.getCredentials(java.lang.String) throws java.io.IOException,java.lang.IllegalArgumentException, should not consume any entity.
WARNING: The (sub)resource method createNote in org.apache.zeppelin.rest.NotebookRestApi contains empty path annotation.
WARNING: The (sub)resource method getNoteList in org.apache.zeppelin.rest.NotebookRestApi contains empty path annotation.

      Edit: It does not appear to be due to the log warnings above, but the issue persists. I have tried every possible Keycloak configuration but it seems it must be a Zeppelin issue, not a Keycloak/OpenID Connect Server one as I can authenticate by manually accessing the page and have configured the valid redirect URI on Keycloak as * to test.
       

      Attachments

        1. shiro.ini
          1 kB
          Alexander Swerdlow

        Activity

          People

            Unassigned Unassigned
            aswerdlow Alexander Swerdlow
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated: