Configuring DAS for Knox SSO
To enable DAS to work with the HDP cluster SSO, configure the Knox settings as described here.
Follow these instructions only if you choose to configure secure clusters.
You need to export the Knox certificate from the Knox gateway host. To find the Knox gateway host, go to.
SSH in to the Knox gateway host with a
Export the Knox certificate by running the following command:
/usr/hdp/current/knox-server/bin/knoxcli.sh export-cert --type PEMNoteIf you have already integrated Knox SSO earlier, then the gateway-identity.pem file would exist. Check whether the gateway-identity.pem file exists or not before running this command.
/usr/hdp/current/knox-server/data/security/keystores/gateway-identity.pemIf the export is successfully, the following message is displayed:
Certificate gateway-identity has been successfully exported to: /usr/hdp/current/knox-server/data/security/keystores/gateway-identity.pemNote the location where you save the
Enable the Knox SSO topology settings. From the Ambari UI, go to
and make the following configuration changes:
- Select the knox_sso_enabled option.
Specify the Knox SSO URL in the knox_sso_url
field in the following format:
- Copy the contents of the PEM file that you exported earlier in the knox_publickey field without the header and the footer.
- Click Save and click through the confirmation pop-ups.
- Restart DAS and any services that require restart by clicking .