Trying to deploy Apache Knox as a service via Cloudera CDP 7 with OpenID. Followed the documentation and set up all params as needed (ref. knox-openid) but getting a PKCE error on the web page.

Things that I have tried:

  1. CDP7 + Knox 1.3.0 has pac4j-4.0.3*.jars which come shipped with the CDH parcels, so I tried to replace the jars with both the earlier 3.8.3 and the latest 5.4.6 jars, but it is giving a classNotFound error. I am assuming somewhere the service is looking for version 4.0.3 jars specifically.
  2. Found a similar bug related to a Serializable error here: https://www.mail-archive.com/dev@knox.apache.org/msg27379.html which could mean a compatibility issue. Any way to work around this?
  3. Saw somewhere that adding federation.param.pac4j.disablePkce=true might avoid this PKCE check, but it didn't help either.

Can anyone suggest a fix or possible workaround for the PKCE error I am getting below?

StrangerThinks
  • I recommend contacting Cloudera support and sending an email to the Knox mailing list. Swapping jars would not work unfortunately, pac4j dependencies are tricky. Did you try with the Apache Knox distribution? For every release we try to check support for SSO for different providers. – Sandeep More Aug 29 '22 at 02:00
  • Cloudera support does not support OpenID, hence the extended reach-out. Turns out CDP7 comes with Knox 1.3.0 and when I checked the jars that came with the bundle, they are v4.0.3. However, the official Knox changelog shows 3.7.0, hence trying to see if swapping might help. Ref: https://github.com/apache/knox/blob/c6fb098ef1b4c4dd2806b52a2bbe5a6904e97927/CHANGES#L524 – StrangerThinks Aug 29 '22 at 15:11

0 Answers