Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-4901

OpenID Connect Auth Immediately Redirects to /null

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.8.2
    • Fix Version/s: None
    • Labels:
      None
    • Environment:

      Both Windows 10 and macOS

      Description

      I've tried many times following some of the configurations above, but for some strange reason, keep getting redirected to http://ZEPPELIN_ROOT/null. It appears that a request for http://ZEPPELIN_ROOT/api/security/ticket is denied ("401 unauthorized request") and subsequently redirected to{{/null}} (It does this very quickly). Strangely enough, however, I can manually access http://ZEPPELIN_ROOT/api/security/ticket, login, and then once I manually navigate to http://ZEPPELIN_ROOT it shows I'm logged in.

      It appears that the X-Frame Option in the Response header is set to "Deny" even though I changed it to "SAMEORIGIN" in zeppelin-site.xml (Also tried just a blank value).

      I'm really not sure where the null is coming from and not sure what to do (or if OpenID Connect is still supported). I attached my shiro.ini file (localhost:8085 is my Keycloak Root and localhost:8080 is my Zeppelin Root).

      Furthermore, the following is shown in the log "out" file every time I access Zeppelin:

      Jun 21, 2020 10:15:06 PM org.glassfish.jersey.internal.Errors logErrors
      WARNING: The following warnings have been detected: WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.InterpreterRestApi.listInterpreter(java.lang.String), should not consume any entity.
      WARNING: A HTTP GET method, public javax.ws.rs.core.Response org.apache.zeppelin.rest.CredentialRestApi.getCredentials(java.lang.String) throws java.io.IOException,java.lang.IllegalArgumentException, should not consume any entity.
      WARNING: The (sub)resource method createNote in org.apache.zeppelin.rest.NotebookRestApi contains empty path annotation.
      WARNING: The (sub)resource method getNoteList in org.apache.zeppelin.rest.NotebookRestApi contains empty path annotation.
      

      Edit: It does not appear to be due to the log warnings above, but the issue persists. I have tried every possible Keycloak configuration but it seems it must be a Zeppelin issue, not a Keycloak/OpenID Connect Server one as I can authenticate by manually accessing the page and have configured the valid redirect URI on Keycloak as * to test.
       

        Attachments

        1. shiro.ini
          1 kB
          Alexander Swerdlow

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              aswerdlow Alexander Swerdlow
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated: