1. Set up Ambari with LDAP and sync.
2. Set up Knox and point it to the same LDAP as the Ambari server.
Enable SSO for Ambari:
1. Get the Knox public certificate by running the command below.
openssl s_client -connect KNOXHOST:8443 <<<'' | openssl x509 -out /tmp/knox.crt
2. Run "ambari-server setup-sso"
3. "provider URL": Enter https://<hostname>:8443/gateway/knoxsso/api/v1/websso
4. "Public Certificate pem": Provide the content of the certificate file from step 1, without the BEGIN/END lines.
Note: Make sure your /etc/ambari-server/conf/jwt-cert.pem file has only one BEGIN/END block.
5. You can accept the defaults for the rest of the configs.
6. Re-start Ambari server:
1. If Ambari and Knox are on different hosts, whitelist the Ambari URL.
In Advanced knoxsso-topology, modify the config below to whitelist all (or you can write a regex for specific URLs)
2. Re-start Knox server.
Now try accessing Ambari using http://HOSTNAME/IP:PORT/
1. It should re-direct to the Knox page
2. Enter the username/password and submit
3. It will take you back to the Ambari page, logged in.
For any issues, refer to /var/log/knox/gateway.log and /var/log/ambari-server/ambari-server.log for clues about the failure.
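The note under step 4 describes the usual failure: pasting the BEGIN/END lines leaves jwt-cert.pem with a doubled header. The helpers below are an added example, not part of the original article; the function names are hypothetical and the sample file is constructed. They extract the body to paste, check the stored file, and print a fingerprint to compare against the certificate on the Knox host.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# SHA-256 fingerprint of the fetched cert. s_client does not authenticate the
# peer here, so compare this value with the certificate on the Knox host.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Number of certificate blocks in a PEM file (prints 0 if none or unreadable).
count_pem_blocks() {
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# Base64 body of the first certificate only, without the BEGIN/END lines:
# the text to paste at the "Public Certificate pem" prompt.
pem_body() {
    awk '/^-----BEGIN CERTIFICATE-----/ { inside = 1; next }
         /^-----END CERTIFICATE-----/   { exit }
         inside' "$1"
}

# Succeeds only when the file holds exactly one BEGIN/END block.
check_single_block() {
    [ "$(count_pem_blocks "$1")" -eq 1 ]
}

# Constructed sample (placeholder base64, not a real certificate): what
# jwt-cert.pem looks like when the BEGIN/END lines were pasted in step 4.
sample_doubled_pem() {
    cat <<'EOF'
-----BEGIN CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLUxJTkUtMQ==
Q09OU1RSVUNURUQtU0FNUExFLUxJTkUtMg==
-----END CERTIFICATE-----
-----END CERTIFICATE-----
EOF
}
```

After sourcing the file, `pem_body /tmp/knox.crt` prints the text for step 4, and `check_single_block /etc/ambari-server/conf/jwt-cert.pem` should succeed once setup-sso has run.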
@amarnath reddy pappu, I followed these steps, but when I log in to Ambari, it is successfully redirected to the Knox gateway, and after I give credentials it goes to the Ambari UI and then comes back to the Knox gateway login screen.
Could you please suggest.
Opened questions in community also: https://community.hortonworks.com/questions/242895/knox-sso-not-working-for-ambari.html