Configure Knox SSO
If you have the DLM Engine on the cluster, you must take additional steps to set up your Knox SSO configuration.
Export the Knox certificate:
- From the Knox Gateway machine, run the following command: $JAVA_HOME/bin/keytool -export -alias gateway-identity -rfc -file <cert.pem> -keystore /usr/hdp/current/knox-server/data/security/keystores/gateway.jks
- When prompted, enter the Knox master password.
Remember the location where you save the
Enable the Knox SSO topology settings:
- From beacon.sso.knox.authentication.enabled field. , click the check-box beside
- Disable basic auth. From beacon.basic.authentication.enabled field only in case of secured clusters. While using unsecured clusters, check the check-box beside beacon.basic.authentication.enabled field. , uncheck the check-box beside
- Set beacon.sso.knox.provideurl to https://<knox-host>:8443/gateway/knoxsso/api/v1/websso.
Copy the contents of the PEM file exported in Step 1 to
Ensure the certificate headers are not copied.