To enable DAS to work with the HDP cluster SSO, configure the Knox settings as
described here.
Note: Follow these instructions only if you choose to configure secure clusters.
- SSH in to the Knox gateway host as the root user or the knoxuser user.
- Export the Knox certificate by running the following command:
  /usr/hdp/current/knox-server/bin/knoxcli.sh export-cert --type PEM
  Note: If you have already integrated Knox SSO earlier, then the gateway-identity.pem file would exist. Check whether the gateway-identity.pem file exists or not before running this command.
  /usr/hdp/current/knox-server/data/security/keystores/gateway-identity.pem
  If the export is successful, the following message is displayed:
  Certificate gateway-identity has been successfully exported to: /usr/hdp/current/knox-server/data/security/keystores/gateway-identity.pem
  Note the location where you save the gateway-identity.pem file.
- Enable the Knox SSO topology settings. From the Ambari UI, go to and make the following configuration changes:
  - Select the knox_sso_enabled option.
  - Specify the Knox SSO URL in the knox_sso_url field in the following format:
    https://<knox-host>:8443/gateway/knoxsso/api/v1/websso
  - Copy the contents of the PEM file that you exported earlier in the knox_publickey field without the header and the footer.
  - Click Save and click through the confirmation pop-ups.
- Restart DAS and any services that require restart by clicking .
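
The export and copy steps above as a shell script, added here as an example and not part of the original instructions. The function names export_cert_if_missing and pem_body are hypothetical; the paths and the knoxcli.sh command are the ones given on this page. It reuses an existing gateway-identity.pem instead of exporting again, and refuses to print a value for knox_publickey unless the file holds exactly one well-formed certificate block.

```shell
#!/bin/sh
# Added example. Paths and the export command are the ones given on this page;
# the function names are hypothetical.
KNOXCLI=/usr/hdp/current/knox-server/bin/knoxcli.sh
PEM=/usr/hdp/current/knox-server/data/security/keystores/gateway-identity.pem

# export_cert_if_missing: run the export only when the PEM is not already
# present (the case the note describes for an earlier Knox SSO integration).
export_cert_if_missing() {
    if [ -s "$PEM" ]; then
        echo "Reusing existing $PEM" >&2
    else
        # Status message goes to stderr so stdout carries only the key body.
        "$KNOXCLI" export-cert --type PEM >&2
    fi
}

# pem_body FILE: print the certificate body without the header and footer.
# Exits non-zero unless FILE holds exactly one BEGIN/END CERTIFICATE pair, in
# order, with a non-empty body, so a truncated or wrong file is never pasted
# into the knox_publickey field.
pem_body() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { begins++; inside = 1; next }
        /^-----END CERTIFICATE-----$/   { if (!inside) bad = 1
                                          ends++; inside = 0; next }
        inside && NF                    { body = body $0 "\n" }
        END {
            if (bad || inside || begins != 1 || ends != 1 || body == "") exit 1
            printf "%s", body
        }'
}

# Runs on the Knox gateway host only; skipped where knoxcli.sh is absent.
if [ -x "$KNOXCLI" ]; then
    export_cert_if_missing && pem_body "$PEM"
fi
```

The printed lines are the value to copy into the knox_publickey field.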