Configuring NiFi Authentication and Proxying with Apache Knox
Also available as:
PDF

Configuring the Knox SSO Topology

If you are proxying NiFi and authenticating with Knox SSO, you must make several edits to the Knox SSO topology. If you not authenticating with Knox SSO, these steps are not necessary.

  1. Navigate to Advanced knoxsso-topology and, in the KNOXSSO service definition, edit the Knox SSO token time-to-live value. For example, for a 10 hour time-to-live:
    <param>
       <name>knoxsso.token.ttl</name>
       <value>36000000</value>
    </param>
    
  2. Update the knoxsso.redirect.whitelist.regex property with a regex value that represents the host or domain in which the NiFi host is running. If the knoxsso.redirect.whitelist.regex property does not exist, you must add it. For example:
    <param>
       <name>knoxsso.redirect.whitelist.regex</name>
       <value>^https?:\/\/(hdf-test\.field\.hortonworks\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
    </param>