Data Analytics Studio Installation
Also available as:
PDF

Configuring user authentication using Knox SSO

To enable DAS to work with the HDP cluster SSO, configure the Knox settings as described here.

Note
Note
Follow these instructions only if you choose to configure secure clusters.

You need to export the Knox certificate from the Knox gateway host. To find the Knox gateway host, go to Ambari > Services > Knox > CONFIGS > Knox Gateway hosts.

  1. SSH in to the Knox gateway host with a root or a knoxuser user.
  2. Export the Knox certificate by running the following command:
    /usr/hdp/current/knox-server/bin/knoxcli.sh export-cert --type PEM
    Note
    Note
    If you have already integrated Knox SSO earlier, then the gateway-identity.pem file would exist. Check whether the gateway-identity.pem file exists or not before running this command.
    /usr/hdp/current/knox-server/data/security/keystores/gateway-identity.pem
    If the export is successfully, the following message is displayed:
    Certificate gateway-identity has been successfully exported to: /usr/hdp/current/knox-server/data/security/keystores/gateway-identity.pem
    Note the location where you save the gateway-identity.pem file.
  3. If not done already, specify KNOX_SSO in the user_authentication field under Ambari > Data Analytics Studio > Config.
  4. Enable the Knox SSO topology settings. From the Ambari UI, go to Data Analytics Studio > Config > Advanced data_analytics_studio-security-site and make the following configuration changes:
    1. Specify KNOX_SSO in the user_authentication field.
    2. Specify the Knox SSO URL in the knox_sso_url field in the following format:
      https:knox-host>:8443/gateway/knoxsso/api/v1/websso
    3. Copy the contents of the PEM file that you exported earlier in the knox_publickey field without the header and the footer.
    4. Add the list of users in the admin_users field who need admin access to DAS.
      You can specify * (asterisk) in the admin_users field to make all users the admin users.
      Note
      Note
      Only admin users have access to all the queries. Non-admin users can access only their queries.
    5. Click Save and click through the confirmation pop-ups.
    6. Restart DAS and any services that require restart by clicking Actions > Restart All Required.