THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Log in
Skip to sidebar
Skip to main content
Apache Software Foundation
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
What’s new
Available Gadgets
About Confluence
Log in
KNOX
Pages
Blog
Space shortcuts
UML Diagrams
Child pages
Designs
Hadoop Web UI SSO with Knox Token Exchange from SAML
Browse pages
Configure
Space tools
A
t
tachments (0)
Page History
Resolved comments
Page Information
View in Hierarchy
View Source
Delete comments
Export to PDF
Export to Word
Copy Page Tree
Pages
Index
Designs
Jira links
Hadoop Web UI SSO with Knox Token Exchange from SAML
Created by
Kevin Minder
, last modified by
Larry McCay
on
Sep 30, 2015
Hadoop Web UI SSO with Knox Token Exchange from SAML
Browser
Ambari
Server UI
HDFS
NN UI
Knox
SAML IdP
(eg Shibboleth)
LDAP or
ActiveDirectory
1
ambari-view-url.GET()
2
redirect302(knox-url,ambari-url)
3
knox-url.GET(ambari-url)
SAML
4
ok200(idp-redirect-form[idp-url,knox-url,ambari-url])
Redirect forms auto submitted
via embedded JavaScript
5
idp-url.POST(knox-url,ambari-url)
6
ok200(idp-login-form[idp-url,knox-url,ambari-url])
7
idp-url.POST(username,password,knox-url,ambari-url)
8
authenticate
(usernme,password)
9
ok200(knox-redirect-form[knox-url,ambari-url,idp-token])
10
knox-url.POST(ambari-url,idp-token)
11
ok200(ambari-redirect-form[ambari-url,knox-token],knox-cookie)
Token exchange
12
ambari-url.GET(knox-token)
13
redirect302(ambari-url,ambari-cookie)
14
ambari-url.GET(ambari-cookie)
15
ok200(ambari-view)
Subsequent uses of other UIs do not require authentication/SAML due to knox-cookie in Browser
16
nn-url.GET()
17
redirect302(knox-url,nn-url)
18
knox-url.GET(nn-url,knox-cookie)
19
ok200(nn-redirect-form[nn-url,knox-token])
20
nn-url.GET(knox-token)
21
redirect302(nn-url,nn-cookie)
22
nn-url.GET(nn-cookie)
23
ok200(nn-view)
No labels
Overview
Content Tools
Apps
{"serverDuration": 465, "requestCorrelationId": "b984c621bff0c5ed"}