Data Analytics Studio Installation
Also available as:
PDF

Configuring DAS for Knox SSO

To enable DAS to work with the HDP cluster SSO, configure the Knox settings as described in this topic.

You need to export the Knox certificate from the Knox gateway host. To find the Knox gateway host, go to Ambari > Services > Knox > CONFIGS > Knox Gateway hosts.

  1. SSH in to the Knox gateway host with a root or a knoxuser user.
  2. Export the Knox certificate by running the following command:
    /usr/hdp/current/knox-server/bin/knoxcli.sh export-cert --type PEM
    Note
    Note
    If you have already integrated Knox SSO earlier, then the gateway-identity.pem file would exist. Check whether the gateway-identity.pem file exists or not before running this command.
    /usr/hdp/current/knox-server/data/security/keystores/gateway-identity.pem
    If the export is successfully, the following message is displayed:
    Certificate gateway-identity has been successfully exported to: /usr/hdp/current/knox-server/data/security/keystores/gateway-identity.pem
    Note the location where you save the gateway-identity.pem file.
  3. Enable the Knox SSO topology settings:
    1. From Ambari > Data Analytics Studio > Configs > Advanced data_analytics_studio-security-site, check to select knox_sso_enabled.
    2. Set knox_sso_url value as https://<knox-host>:8443/gateway/knoxsso/api/v1/websso.
    3. Copy the contents of the PEM file exported in Step 1 to knox_publickey. Make sure the certificate headers are not copied.
    4. Click Save and click through the confirmation pop-ups.
    5. Restart Data Analytics Studio webapp.
    6. Select Actions > Restart All Required to restart all other services that require a restart.