Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Configure HBase WebUI to redirect to Apache Knox

Labels:
avatar
author-rank TMauran
Contributor

Created on ‎07-23-2024 12:04 AM - edited ‎07-23-2024 12:08 AM

Hello,
I am wondering if there is any way to secure HBase with Apache Knox so that if the Knox token is not provided HBase redirects to the Knox SSO page. I managed to do it for HDFS Yarn and Spark using filters but can' t seem to find any way to do that with HBase.

```

<property>
<name>hadoop.http.authentication.type</name>
<value>org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler</value>
</property>

<property>
<name>hadoop.http.authentication.authentication.provider.url</name>
<value>https://<knox-host>:8443/gateway/knoxsso/api/v1/websso</value>
</property>

<property>
<name>hadoop.http.authentication.public.key.pem</name>
<value><Your public token from the .pem file></value>
</property>
```
Here is what I added in core-site.xml to protect HDFS and Yarn.

Thank you for your time

545 Views
4 REPLIES 4

avatar
author-rank shubham_sharma author-rank
Expert Contributor

Created ‎07-23-2024 10:39 AM

Hi @TMauran 

Could you please try to use below in hbase-site.xml and check -

<property> 
<name>hbase.http.filter.initializers</name> 
<value>org.apache.hadoop.security.AuthenticationFilterInitializer</value> 
</property>

Other properties should be present in core-site.xml as well 

515 Views
0 Kudos

avatar
author-rank TMauran
Contributor

Created ‎07-23-2024 11:56 PM

Hello @shubham_sharma 
Thank you very much for taking the time, I currently run under 2.3.5 and I can' t use this filter, is this ability to redirect to Knox with the AuthenticationFilterInitializer only available since 3.0.0 ?

498 Views
0 Kudos

avatar
author-rank JeffLawson
New Contributor

Created ‎07-24-2024 01:14 AM

@TMauran wrote:

Hello,
I am wondering if there is any way to secure HBase with Apache Knox so that if the Knox token is not provided HBase redirects to the Knox SSO page. I managed to do it for HDFS Yarn and Spark using filters but can' t seem to find any way to do that with HBase.

```

<property>
<name>hadoop.http.authentication.type</name>
<value>org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler</value>
</property>

<property>
<name>hadoop.http.authentication.authentication.provider.url</name>
<value>https://<knox-host>:8443/gateway/knoxsso/api/v1/websso</value>
</property>

<property>
<name>hadoop.http.authentication.public.key.pem</name>
<value><Your public token from the .pem file></value>
</property>
```
Here is what I added in core-site.xml to protect HDFS and Yarn.

Thank you for your time

To secure HBase with Apache Knox and ensure redirection to the Knox SSO page when the token is missing, configure HBase's HTTP authentication properties using the JWTRedirectAuthenticationHandler. This can be set up similarly to your HDFS, Yarn, and Spark configurations, specifying the authentication type, provider URL, and public key.

491 Views

avatar
author-rank TMauran
Contributor

Created ‎07-24-2024 01:47 AM

Hello @JeffLawson 
I tried using this JWTRedirectAuthenticationHandler but didn' t had any  result, do you know that param name is it in the hbase-site.xml ?

486 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements