Community Articles
Find and share helpful community-sourced technical articles
Labels (2)


1. Setup Ambari with LDAP and Sync.

2. Setup Knox and point to same LDAP as Ambari server.

Enable SSO for Ambari:

1. Get the Knox public cert by running below.

openssl s_client -connect KNOXHOST:8443 <<<'' | openssl x509 -out /tmp/knox.crt

2. Run "ambari-server setup-sso"

3. "provider URL": Enter https://<hostname>:8443/gateway/knoxsso/api/v1/websso

4. "Public Certificate pem" : Provide step1 cert file content without BEGIN/END blocks.



Note: Make sure your /etc/ambari-server/conf/jwt-cert.pem file should have only one BEGIN/END

5. You can select default for rest of the configs.

6. Re-start Ambari server:

Knox Configurations

1. If Ambari and Knox is in different host then Whitelist Ambari URL. In Advanced knoxsso-topology modify below config for whitelisting all (or you can write regex for specific)


2. Re-start Knox server.

Now try accessing Ambari using http://HOSTNAME/IP:PORT/

1. It should re-direct to the Knox page

2. Enter the username/password and submit

3. It will take back to Ambari page and logged in.

For any issues refer /var/log/knox/gateway.log and /var/log/ambari-server/ambari-server.log files to get some clue on failures.


@amarnath reddy pappu, I followed these steps but when I login to ambari, it is successfully getting redirected to knox gateway and after i give credentials it goes to ambari ui and then coming back to knox gateway log in screen.

Could you please suggest.

Opened questions in community also: