Enabling logout option for secure clusters
To sign out from the application (DAS Webapp) and the identity provider on secure clusters, you need to create a KnoxSSO out topology in the Ambari console and configure the knox_ssout_url through the Ambari UI.
This section can be used to configure the Knox SSO logout URL for both HA and non-HA clusters.
- SSH in to the Ambari console on which you have configured Knox as a root user.
If you are configuring KnoxSSOUT for the first time, then you need to create a
KnoxSSO out topology called
/etc/knox/x.x.x.x-xx/0/topologiesdirectory.If you have already configured KnoxSSOUT, then you can skip this step.Add the following lines in the knoxssout.xml file:
<?xml version="1.0"?> <topology> <gateway> <provider> <role>hostmap</role> <name>static</name> <enabled>true</enabled> </provider> </gateway> <service> <role>KNOXSSOUT</role> </service> </topology>NoteIf you have configured Knox SSO for HA clusters, then you must create the KnoxSSO out topology on all the Knox hosts.
On the Ambari UI, go to knox_ssout_url field in the following format:
and specify the Knox SSO logout URL in the
knox-sso-out-topois the name of the KnoxSSO out topology xml file that you created earlier. In this case, it is
The host and the port that you specify here should be the same as those specified in the knox_sso_url field.
To obtain the cluster_name, on the Ambari UI, click Cluster Name field.and note the value from the
If you have HA clusters, then specify the host and the port of the load balancer pointing to the Knox instance.
- Click Save and click through the confirmation pop-ups.
- Restart DAS and any services that require restart by clicking .