Community Articles

Pre-requisite:

1. Setup Ambari with LDAP and Sync.

2. Setup Knox and point to same LDAP as Ambari server.

Enable SSO for Ambari:

1. Get the Knox public cert by running below.

openssl s_client -connect KNOXHOST:8443 <<<'' | openssl x509 -out /tmp/knox.crt

2. Run "ambari-server setup-sso"

3. "provider URL": Enter https://<hostname>:8443/gateway/knoxsso/api/v1/websso

4. "Public Certificate pem" : Provide step1 cert file content without BEGIN/END blocks.

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Note: Make sure your /etc/ambari-server/conf/jwt-cert.pem file should have only one BEGIN/END

5. You can select default for rest of the configs.

6. Re-start Ambari server:

Knox Configurations

1. If Ambari and Knox is in different host then Whitelist Ambari URL. In Advanced knoxsso-topology modify below config for whitelisting all (or you can write regex for specific)

   <param>
                 <name>knoxsso.redirect.whitelist.regex</name>
                 <value>.*</value>
    </param>

2. Re-start Knox server.

Now try accessing Ambari using http://HOSTNAME/IP:PORT/

1. It should re-direct to the Knox page

2. Enter the username/password and submit

3. It will take back to Ambari page and logged in.

For any issues refer /var/log/knox/gateway.log and /var/log/ambari-server/ambari-server.log files to get some clue on failures.