HDP 2.5: Ranger via Knox SSO, Login redirect issue

Explorer

I have installed and started both Ranger and Knox in our cluster.

The Knox Ranger plugin is enabled in Ranger, and Knox SSO is enabled in the Ranger Advanced configuration settings.

Knox SSO is applied perfectly in the Ranger Admin UI, but I am not able to log in using the username and password from the Demo LDAP server.

user: guest

pass: guest-password.


I have verified the knox gateway.log and could not find any error,

2017-01-27 06:48:29,286 INFO service.knoxsso (WebSSOResource.java:getAuthenticationToken(179)) - About to redirect to original URL

I got the above message once I clicked the "Sign in" button on the Knox SSO login page. Knox is trying to redirect to the original URL (Ranger URL), but nothing happened after that.

I could not see the main page (Service Manager page) in Ranger using Knox SSO.

Thanks,

Uvaraj.S

7 REPLIES

Super Collaborator

Have you checked the topology configuration in 'Advanced topology' on Ambari Knox Config?


@Uvaraj Seerangan

Can you please cross check your settings by following my article at https://community.hortonworks.com/articles/78361/configure-knox-to-access-ambari-ui.html

Explorer
@apappu

The link you have provided is about UI access using Knox Gateway, but the question I posted is about Knox SSO. So please let me know if there is any resource about Knox SSO. I have followed the link below, but the login redirect is not working:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/setting_up_knox_sso_for...

Thanks,

Uvaraj.S

Explorer

@Jasper

Yes, I have checked the Knox "Advanced topology"; it seems fine, and I am able to see the Knox SSO login screen when I land on the Ranger Admin UI.

The problem is that after entering the valid username and password, it has to land on the Ranger Service Manager page, but it did not happen, and there is no error in the log.

Did you ever find a solution for this problem? I'm facing a similar issue.

Hey, were you able to resolve this issue?

Rising Star

@Uvaraj Seerangan

Three things that can go wrong here.

1) KnoxSSO expects a valid hostname with a domain name, as the cookie will be set for that specific domain. So your hostname needs to be in the format "{somehost}.{someorganisation}.{someTLD}", e.g. knoxhost.example.com. You can achieve this by making an extra entry in your /etc/hosts file on all the nodes participating in SSO, e.g. Ambari, Ranger, Knox, etc.

2) You need to provide the Knox SSL certificate as the "SSO Public Key" value in the Ranger config. The easiest way to get it is the command below. Paste the content between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" as the "SSO Public Key" value.

openssl s_client -connect knoxhost.example.com:8443 </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > knoxssoRanger.crt

3) Increase the value of the "knoxsso.token.ttl" property inside Advanced Knoxsso Topology sufficiently.
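Added example, not part of the original thread and not Knox or Ranger code: a shell pre-flight for points 1 and 2 of the answer above, checking the host name format and reducing the certificate to the single-line body to paste as "SSO Public Key". The function names and the sample certificate text are constructed for illustration.

```shell
# Added example: pre-flight checks for points 1 and 2 of the answer above.
# Function names and sample data are constructed, not Knox/Ranger tooling.

# Point 1: succeed only for names shaped like {somehost}.{someorganisation}.{someTLD}
# (three or more labels, last label not purely numeric, so IPv4 is rejected).
has_sso_domain() {
    host=$1
    case $host in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;  # empty or malformed
    esac
    case $host in
        *.*.*) ;;                                    # at least three labels
        *) return 1 ;;                               # bare or two-label name
    esac
    case ${host##*.} in
        *[!0-9]*) return 0 ;;                        # last label is a name
        *) return 1 ;;                               # all digits: an IP address
    esac
}

# Point 2: read PEM text on stdin and print the body of the FIRST certificate
# as one line, without the BEGIN/END marker lines or any CR/whitespace.
sso_key_body() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) exit }
        inside { gsub(/[ \t\r]/, ""); printf "%s", $0 }
        END { print "" }
    '
}

# Constructed stand-in for s_client output; the bodies are not real certificates.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
-----BEGIN CERTIFICATE-----
AAAAconstructedSAMPLEbody0001
BBBBconstructedSAMPLEbody0002
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CCCCconstructedSAMPLEbody0003
-----END CERTIFICATE-----
EOF
}

# Against a live gateway, using the command from the answer above:
#   openssl s_client -connect knoxhost.example.com:8443 </dev/null | sso_key_body
```

An empty line from `sso_key_body` means no certificate block was found in the input, so there is nothing to paste.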
