Community Articles
Find and share helpful community-sourced technical articles
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (2)


1. Setup Ambari with LDAP and Sync.

2. Setup Knox and point to same LDAP as Ambari server.

Enable SSO for Ambari:

1. Get the Knox public cert by running below.

openssl s_client -connect KNOXHOST:8443 <<<'' | openssl x509 -out /tmp/knox.crt

2. Run "ambari-server setup-sso"

3. "provider URL": Enter https://<hostname>:8443/gateway/knoxsso/api/v1/websso

4. "Public Certificate pem" : Provide step1 cert file content without BEGIN/END blocks.



Note: Make sure your /etc/ambari-server/conf/jwt-cert.pem file should have only one BEGIN/END

5. You can select default for rest of the configs.

6. Re-start Ambari server:

Knox Configurations

1. If Ambari and Knox is in different host then Whitelist Ambari URL. In Advanced knoxsso-topology modify below config for whitelisting all (or you can write regex for specific)


2. Re-start Knox server.

Now try accessing Ambari using http://HOSTNAME/IP:PORT/

1. It should re-direct to the Knox page

2. Enter the username/password and submit

3. It will take back to Ambari page and logged in.

For any issues refer /var/log/knox/gateway.log and /var/log/ambari-server/ambari-server.log files to get some clue on failures.


@amarnath reddy pappu, I followed these steps but when I login to ambari, it is successfully getting redirected to knox gateway and after i give credentials it goes to ambari ui and then coming back to knox gateway log in screen.

Could you please suggest.

Opened questions in community also:

Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎08-09-2018 08:37 PM
Updated by:
Top Kudoed Authors