You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please include as much detailed information about the problem as possible.
I am trying to install Druid on K8s cluster using Helm chart. I need to add the SSO (Open ID connect) on to the router. For this, I am using pac4j.
However, even after the SSO, I am prompted with a username/password dialog box as can be seen in the screenshot. I do not want to have two login sessions. The SSO login must be the one which identifies the user and assigns the necessary roles. Please help here!!!
The below are the configurations on the router:
2023-11-27T13:56:25+0000 startup service router
Setting druid.host=10.4.0.28 in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authenticator.BasicMetadataAuthenticator.skipOnFailure=false in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.indexer.logs.type=file in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authorizer.BasicMetadataAuthorizer.enableCacheNotifications=true in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authenticator.pac4j.type=pac4j in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authenticatorChain=["pac4j"] in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authenticator.BasicMetadataAuthenticator.initialAdminPassword=xxxxxxxxxx in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authorizer.BasicMetadataAuthorizer.initialAdminRole=admin in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.escalator.internalClientUsername=druid_system in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.extensions.loadList=["druid-basic-security", "druid-pac4j", "druid-multi-stage-query", "druid-stats", "druid-datasketches", "druid-kafka-indexing-service", "druid-protobuf-extensions", "druid-parquet-extensions", "druid-orc-extensions", "druid-azure-extensions", "druid-histogram", "druid-datasketches", "druid-lookups-cached-global", "postgresql-metadata-storage", "statsd-emitter"] in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authenticator.BasicMetadataAuthenticator.type=basic in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.azure.key=xxxxx in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.enablePlaintextPort=true in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.pac4j.oidc.clientID=xxxxxx in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.escalator.authorizerName=BasicMetadataAuthorizer in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.pac4j.cookiePassphrase=xxxxx in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.pac4j.oidc.oidcClaim=sub in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.pac4j.oidc.clientSecret=xxxxx in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.metadata.storage.type=postgresql in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.emitter.http.recipientBaseUrl=http://druid_exporter_url/:druid_exporter_port/druid in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authenticator.BasicMetadataAuthenticator.initialInternalClientPassword=xxxxxxx in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.azure.container=deepstorage in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.metadata.storage.connector.connectURI=jdbc:postgresql://dipeopensource.postgres.database.azure.com:5432/druid in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authenticator.BasicMetadataAuthenticator.credentialsValidator.type=metadata in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authorizer.allowAll.type=allowAll in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.storage.type=azure in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.pac4j.oidc.discoveryURI=https://xxxxxxxx.net/v1/.well-known/openid-configuration in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authorizer.BasicMetadataAuthorizer.roleProvider.type=context in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.metadata.storage.connector.user=druid_user in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.escalator.internalClientPassword=xxxxxxx in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authenticator.pac4j.authorizerName=BasicMetadataAuthorizer in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.router.managementProxy.enabled=true in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.indexer.logs.directory=/opt/data/indexing-logs in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.zk.service.host=druid-zookeeper-headless:2181 in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authorizer.BasicMetadataAuthorizer.type=basic in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.escalator.type=basic in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.emitter=noop in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authenticator.BasicMetadataAuthenticator.authorizerName=allowAll in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.metadata.storage.connector.password=xxxxxxxxx in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.emitter.logging.logLevel=debug in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.metadata.postgres.ssl.sslMode=require in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.auth.authorizers=["BasicMetadataAuthorizer", "allowAll"] in /tmp/conf/druid/cluster/query/router/runtime.properties
Setting druid.azure.account=dipedevdsstorage in /tmp/conf/druid/cluster/query/router/runtime.properties
The text was updated successfully, but these errors were encountered:
Hi can you please show your druid router properties? It could be likely your basicAuthenticator is added before the pac4j authenticator in druid.auth.authenticatorChain. This would cause the pac4j auth to happen before the basic authenticator flow.
I was able to reproduce this issue when my BasciMetaDataAuth is existing in config.properties, to prevent double login I had to add druid.auth.authenticatorChain=["pac4j","MyBasicMetadataAuthenticator"]. This causes router status to return 403 the entire time. I havent been able to move beyond that. If you find any workaround to using basic auth and pac4j auth Kindly update here as even I am looking for the same.
Description
Please include as much detailed information about the problem as possible.
I am trying to install Druid on K8s cluster using Helm chart. I need to add the SSO (Open ID connect) on to the router. For this, I am using pac4j.
However, even after the SSO, I am prompted with a username/password dialog box as can be seen in the screenshot. I do not want to have two login sessions. The SSO login must be the one which identifies the user and assigns the necessary roles. Please help here!!!
The below are the configurations on the router:
The text was updated successfully, but these errors were encountered: