...

** CAVEAT: Both the simple hadoop-auth cookie and any subsequent JWT solution require the knoxsso endpoint to be in the same domain as all of the UIs. In other words, every node in the cluster that hosts a UI, or otherwise needs the cookie to be available, must be in the same domain as the knoxsso endpoint.

Required Configuration

 

<property>
  <name>hadoop.http.authentication.simple.anonymous.allowed</name>
  <value>false</value>
</property>

<property>
  <name>hadoop.http.authentication.type</name>
  <value>org.apache.hadoop.sso.poc.RedirectAuthenticationHandler</value>
</property>

<property>
  <name>hadoop.http.authentication.authentication.provider.url</name>
  <value>http://c6401.ambari.apache.org:8888/knoxsso</value>
</property>

<property>
  <name>hadoop.http.filter.initializers</name>
  <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
</property>

 

The previous POC effort focused on proving the above flow while minimizing the work required on the UI.
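To check the same-domain caveat against an actual host list, the following added example (not part of the original page or of the Hadoop/Knox code) reads the knoxsso endpoint from the provider URL property shown above and reports which UI hosts fall outside a given cookie domain, using the RFC 6265 domain-match rule. The cookie domain and the UI host names are assumptions supplied by the caller; the page does not state them.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: one property from the configuration above, wrapped in a
# <configuration> root element as it would be in a Hadoop site file.
SAMPLE_CONFIG = """<configuration>
<property>
  <name>hadoop.http.authentication.authentication.provider.url</name>
  <value>http://c6401.ambari.apache.org:8888/knoxsso</value>
</property>
</configuration>"""

PROVIDER_URL_KEY = "hadoop.http.authentication.authentication.provider.url"


def provider_host(config_xml):
    """Return the host name of the knoxsso endpoint named in the configuration."""
    for prop in ET.fromstring(config_xml).iter("property"):
        if prop.findtext("name", "").strip() == PROVIDER_URL_KEY:
            return urlsplit(prop.findtext("value", "").strip()).hostname
    raise KeyError(PROVIDER_URL_KEY)


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: identical, or a label-aligned suffix of a non-IP host."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if host == domain:
        return True
    return not is_ip(host) and host.endswith("." + domain)


def hosts_missing_cookie(config_xml, cookie_domain, ui_hosts):
    """List UI hosts that would never receive a cookie scoped to cookie_domain."""
    sso = provider_host(config_xml)
    if not domain_match(sso, cookie_domain):
        raise ValueError(f"{sso} cannot set a cookie for {cookie_domain}")
    return [h for h in ui_hosts if not domain_match(h, cookie_domain)]
```

An empty result means every listed UI host can receive the cookie; hosts addressed by IP, or whose names merely end in the same characters without a label boundary, are reported as missing it.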

...