SAML Integration with HUE-4.5.0

Administrator: installation, configuration
#1

Hi,

I am trying to integrate Hue with Okta as a LDP.
After I login I am receiving the following error.

**Bad status for request TOpenSessionReq(username='hue', password=None, client_protocol=6, configuration={'hive.server2.proxy.user': u'aman.khare@XXXX.com'}): TOpenSessionResp(status=TStatus(errorCode=None, errorMessage='Illegal principal name aman.khare@XXXX.com: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to aman.khare@XXXX.com', sqlState=None, infoMessages=['*java.lang.IllegalArgumentException:Illegal principal name aman.khare@XXXX.com: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to aman.khare@XXXX.com:18:17', 'org.apache.hadoop.security.User::User.java:51', 'org.apache.hadoop.security.UserGroupInformation:createProxyUser:UserGroupInformation.java:1348', 'org.apache.hive.service.cli.session.HiveSessionImplwithUGI:setSessionUGI:HiveSessionImplwithUGI.java:66', 'org.apache.hive.service.cli.session.HiveSessionImplwithUGI::HiveSessionImplwithUGI.java:56', 'org.apache.hive.service.cli.session.SessionManager:createSession:SessionManager.java:408', 'org.apache.hive.service.cli.session.SessionManager:openSession:SessionManager.java:382', 'org.apache.hive.service.cli.CLIService:openSessionWithImpersonation:CLIService.java:198', 'org.apache.hive.service.cli.thrift.ThriftCLIService:getSessionHandle:ThriftCLIService.java:476', 'org.apache.hive.service.cli.thrift.ThriftCLIService:OpenSession:ThriftCLIService.java:322', 'org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession:getResult:TCLIService.java:1497', 'org.apache.hive.service.rpc.thrift.TCLIService$Processor$OpenSession:getResult:TCLIService.java:1482', 'org.apache.thrift.ProcessFunction:process:ProcessFunction.java:39', 'org.apache.thrift.TBaseProcessor:process:TBaseProcessor.java:39', 'org.apache.hive.service.auth.TSetIpAddressProcessor:process:TSetIpAddressProcessor.java:56', 'org.apache.thrift.server.TThreadPoolServer$WorkerProcess:run:TThreadPoolServer.java:286', 'java.util.concurrent.ThreadPoolExecutor:runWorker:ThreadPoolExecutor.java:1142', 'java.util.concurrent.ThreadPoolExecutor$Worker:run:ThreadPoolExecutor.java:617', 'java.lang.Thread:run:Thread.java:745', '*org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule:No rules applied to aman.khare@XXXX.com:19:1', 'org.apache.hadoop.security.authentication.util.KerberosName:getShortName:KerberosName.java:401', 'org.apache.hadoop.security.User::User.java:48'], statusCode=3), sessionHandle=None, configuration=None, serverProtocolVersion=9)**

I have not enabled kerberos in my cluster.
I am using Hue-4.5.

Following are my configuration to for SAML integration:

entity_id=http://xxxxx.xxxx.com/saml2/metadata/
required_attributes= samaccount
metadata_file= /etc/hue/conf/metadata.xml
key_file= /etc/hue/conf/private.pem
name_id_format="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
username_source= nameid

Can somebody help here?

Thanks in Advance

#2

Make sure you add Mapper for attribute “samaccount” in saml client IDP. you can use by default attribute for testing purpose i.e username , email