Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
0.8.2
-
None
-
None
-
Both Windows 10 and macOS
Description
I've tried many times following some of the configurations above, but for some strange reason, keep getting redirected to http://ZEPPELIN_ROOT/null. It appears that a request for http://ZEPPELIN_ROOT/api/security/ticket is denied ("401 unauthorized request") and subsequently redirected to{{/null}} (It does this very quickly). Strangely enough, however, I can manually access http://ZEPPELIN_ROOT/api/security/ticket, login, and then once I manually navigate to http://ZEPPELIN_ROOT it shows I'm logged in.
It appears that the X-Frame Option in the Response header is set to "Deny" even though I changed it to "SAMEORIGIN" in zeppelin-site.xml (Also tried just a blank value).
I'm really not sure where the null is coming from and not sure what to do (or if OpenID Connect is still supported). I attached my shiro.ini file (localhost:8085 is my Keycloak Root and localhost:8080 is my Zeppelin Root).
Furthermore, the following is shown in the log "out" file every time I access Zeppelin:
Jun 21, 2020 10:15:06 PM org.glassfish.jersey.internal.Errors logErrors WARNING: The following warnings have been detected: WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.InterpreterRestApi.listInterpreter(java.lang.String), should not consume any entity. WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.CredentialRestApi.getCredentials(java.lang.String) throws java.io.IOException,java.lang.IllegalArgumentException, should not consume any entity. WARNING: The (sub)resource method createNote in org.apache.zeppelin.rest.NotebookRestApi contains empty path annotation. WARNING: The (sub)resource method getNoteList in org.apache.zeppelin.rest.NotebookRestApi contains empty path annotation.
Edit: It does not appear to be due to the log warnings above, but the issue persists. I have tried every possible Keycloak configuration but it seems it must be a Zeppelin issue, not a Keycloak/OpenID Connect Server one as I can authenticate by manually accessing the page and have configured the valid redirect URI on Keycloak as * to test.