Knox SSO with DataPlane clusters
You must configure Knox SSO on the clusters you plan to use with DataPlane. You will perform this Knox SSO setup on your clusters after you perform the DataPlane Installation. Refer to DataPlane Installation for more information.
DP Platform and the DP Apps leverage Knox SSO to provide users and services with simplified and consistent access to clusters, data, and other services.
DataPlane authenticates users against a centralized identity provider in the organization (such as an LDAP or AD). Having Knox SSO set up with your clusters ensures that those users and services are authorized to perform specific actions on the respective clusters, and propagates the identity of the user or service from DataPlane to the cluster services. You must perform the Knox SSO setup on your clusters after you perform the DataPlane Installation.
The Knox SSO of your cluster must be configured to use the same LDAP/AD as your DP instance for user identity to match and propagate between the systems.
Minimally, your cluster requires a Knox SSO configuration to include the following cluster services: Ambari, YARN and HDFS. Refer to your specific DP Apps documentation for any additional cluster services that may also be required to be configured in Knox SSO.
Refer to the following documentation on how to configure your cluster for Knox SSO:
|Resource||HDP 2.6 and Ambari 2.6 Documentation||HDP 3.0 and Ambari 2.7 Documentation|
|Configure SSO topology||HDP Security Guide, Identity Providers (IdP)||HDP Security Guide, Configuring an Identity Provider|
|Configure Knox SSO for Ambari||HDP Security Guide, Setting up Knox SSO for Ambari||HDP Security Guide, Configuring Apache Knox SSO|
|Configure LDAP with Ambari||Ambari Security Guide, Configuring Ambari Authentication with LDAP or Active Directory Authentication||HDP Security Guide, Configuring Ambari Authentication for LDAP/AD|
For more information about HDF Knox configuration, see HDF Security documentation.