Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Configure HBase WebUI to redirect to Apache Knox

Labels:
avatar
author-rank TMauran
Contributor

Created on ‎07-23-2024 12:04 AM - edited ‎07-23-2024 12:08 AM

Hello,
I am wondering if there is any way to secure HBase with Apache Knox so that if the Knox token is not provided HBase redirects to the Knox SSO page. I managed to do it for HDFS Yarn and Spark using filters but can' t seem to find any way to do that with HBase.

```

<property>
<name>hadoop.http.authentication.type</name>
<value>org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler</value>
</property>

<property>
<name>hadoop.http.authentication.authentication.provider.url</name>
<value>https://<knox-host>:8443/gateway/knoxsso/api/v1/websso</value>
</property>

<property>
<name>hadoop.http.authentication.public.key.pem</name>
<value><Your public token from the .pem file></value>
</property>
```
Here is what I added in core-site.xml to protect HDFS and Yarn.

Thank you for your time

868 Views
0
4 REPLIES 4

avatar
author-rank shubham_sharma author-rank
Expert Contributor

Created ‎07-23-2024 10:39 AM

Hi @TMauran 

Could you please try to use below in hbase-site.xml and check -

<property> 
<name>hbase.http.filter.initializers</name> 
<value>org.apache.hadoop.security.AuthenticationFilterInitializer</value> 
</property>

Other properties should be present in core-site.xml as well 

838 Views
0 Kudos

avatar
author-rank TMauran
Contributor

Created ‎07-23-2024 11:56 PM

Hello @shubham_sharma 
Thank you very much for taking the time, I currently run under 2.3.5 and I can' t use this filter, is this ability to redirect to Knox with the AuthenticationFilterInitializer only available since 3.0.0 ?

821 Views
0 Kudos

avatar
author-rank JeffLawson
New Contributor

Created ‎07-24-2024 01:14 AM

@TMauran wrote:

Hello,
I am wondering if there is any way to secure HBase with Apache Knox so that if the Knox token is not provided HBase redirects to the Knox SSO page. I managed to do it for HDFS Yarn and Spark using filters but can' t seem to find any way to do that with HBase.

```

<property>
<name>hadoop.http.authentication.type</name>
<value>org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler</value>
</property>

<property>
<name>hadoop.http.authentication.authentication.provider.url</name>
<value>https://<knox-host>:8443/gateway/knoxsso/api/v1/websso</value>
</property>

<property>
<name>hadoop.http.authentication.public.key.pem</name>
<value><Your public token from the .pem file></value>
</property>
```
Here is what I added in core-site.xml to protect HDFS and Yarn.

Thank you for your time

To secure HBase with Apache Knox and ensure redirection to the Knox SSO page when the token is missing, configure HBase's HTTP authentication properties using the JWTRedirectAuthenticationHandler. This can be set up similarly to your HDFS, Yarn, and Spark configurations, specifying the authentication type, provider URL, and public key.

814 Views

avatar
author-rank TMauran
Contributor

Created ‎07-24-2024 01:47 AM

Hello @JeffLawson 
I tried using this JWTRedirectAuthenticationHandler but didn' t had any  result, do you know that param name is it in the hbase-site.xml ?

809 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements