Setting Up Knox SSO
You can set up Knox to handle authentication when you access the user interfaces and REST APIs. After you set up Knox, basic authentication is still an option for making requests directly to the REST application, but any request to the user interfaces must go through Knox first and contain the proper security token.
- Ensure that you have enabled LDAP on the Metron Security page in Ambari. Knox and Metron must be configured to use the same LDAP.
- Ensure that you have installed the Metron client component on all Knox gateway hosts.
- Navigate to Ambari > Hosts > $METRON_HOST.
- At the bottom of the Components section, in the dropdown menu next to the clients, select Install clients.
Select Metron Client, then click
This will install the Metron client.
Retrieve the Knox public key by running the following command on the Knox gateway
openssl s_client -connect node1:8443 < /dev/null | openssl x509 | grep -v 'CERTIFICATE' | paste -sd "" -
- Copy the output of the command and paste it into the Ambari setting at Metron > Configs > Security > Knox SSO Public Key.
- Change the Knox Enabled setting to true and then click Save.
Follow the prompts to restart the Metron client, Metron REST, Metron Alerts UI, and
Metron Management UI.
After REST comes back up, Metron should be enabled for Knox.