You can set up Knox to handle authentication when you access the user interfaces and
REST APIs. After you set up Knox, basic authentication is still an option for making requests
directly to the REST application, but any request to the user interfaces must go through Knox
first and contain the proper security token.
- Ensure that you have enabled LDAP on the Metron Security page
in Ambari. Knox and Metron must be configured to use the same LDAP.
- Ensure that you have installed the Metron client component on all Knox gateway
hosts.
- Navigate to Ambari > Hosts > $METRON_HOST.
- At the bottom of the Components section, in the dropdown menu next to the clients, select Install clients.
- Select Metron Client, then click Next.
  This will install the Metron client.
- Retrieve the Knox public key by running the following command on the Knox gateway host:
      openssl s_client -connect node1:8443 < /dev/null | openssl x509 | grep -v 'CERTIFICATE' | paste -sd "" -
- Copy the output of the command and paste it into the Ambari setting at Metron > Configs > Security > Knox SSO Public Key.
- Change the Knox Enabled setting to true and then click Save.
- Follow the prompts to restart the Metron client, Metron REST, Metron Alerts UI, and Metron Management UI.
After REST comes back up, Metron should be enabled for Knox.
When you launch a user interface, Knox searches for a valid
token. If a valid token is not found, Knox redirects to the Knox SSO login form. Once a
valid token is found, Knox redirects to the original URL and forwards the request.
Accessing the REST application through Knox also follows this pattern.
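
The key-retrieval command in the steps above yields an empty value when the connection fails, and it accepts whatever certificate the host presents. The shell helpers below are an added example, not part of Metron, Knox or the original procedure: they produce the same one-line value and compare its SHA-256 fingerprint with one obtained out of band before the value is pasted into Ambari. The function names are hypothetical, and GNU coreutils (`base64`, `sha256sum`) are assumed.

```shell
#!/bin/sh
# Added example; the function names are hypothetical, not Metron or Knox tooling.
# Assumes GNU coreutils (base64, sha256sum) and the openssl CLI.

# Read PEM text on stdin and print the first certificate's base64 body as one
# line (the form pasted into Knox SSO Public Key). Fails when no certificate
# is present, for example after a failed connection.
pem_to_oneline() (
  body=$(awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; next }
              /-----END CERTIFICATE-----/   { exit }
              inside { gsub(/[ \t\r]/, ""); printf "%s", $0 }')
  [ -n "$body" ] || { echo "no certificate found on stdin" >&2; exit 1; }
  printf '%s\n' "$body"
)

# SHA-256 over the decoded DER bytes: the digest that
# `openssl x509 -noout -fingerprint -sha256` reports, as lowercase hex.
oneline_fingerprint() (
  printf '%s' "$1" | base64 -d >/dev/null 2>&1 || exit 1
  printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1
)

# Succeed only if the value's fingerprint equals one obtained out of band
# (openssl's colon-separated uppercase form is accepted).
fingerprint_matches() (
  want=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
  got=$(oneline_fingerprint "$1") || exit 1
  [ "$got" = "$want" ]
)

# Fetch the certificate the gateway presents, using the same openssl calls as
# the step above, and print the value with its fingerprint for comparison.
# Usage: knox_sso_key node1:8443
knox_sso_key() (
  value=$(openssl s_client -connect "$1" </dev/null 2>/dev/null |
          openssl x509 | pem_to_oneline) || exit 1
  printf 'value: %s\nsha256: %s\n' "$value" "$(oneline_fingerprint "$value")"
)
```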