Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

KNOX SSO ambari login redirect Issue

Re: KNOX SSO ambari login redirect Issue

New Contributor

Have you ever seen "Invalid JWT token" in ambari audit log? I get it when knox comes back to ambari after authenticating with something different than LDAP. Deleting the cookies does not work, and I think this is the base of my problem.

Somehow ambari does not like the generated token.

Highlighted

Re: KNOX SSO ambari login redirect Issue

Contributor

@Rafael Leon, I am also facing same issue? Have you resolved this? Could you please suggest.

Re: KNOX SSO ambari login redirect Issue

New Contributor

Any conclusion? I tried everything mentioned in this thread and nothing works.

Re: KNOX SSO ambari login redirect Issue

Cloudera Employee

@chouston @andrew chen

I had a same problem in Ranger UI with Knox SSO, I did following

1.Changed Ranger external url from http://<xxxx>.<xxx>:6080 to http://<xxxx>.<xxx>.<xx>:6080

2.Changed SSO provider url from https://<xxxx>.<xxx>:8443/gateway/knoxsso/api/v1/websso to https://<xxxx>.<xxx>.<xx>:8443/gateway/knoxsso/api/v1/websso

3. set knoxsso.cookie.secure.only=false in Knoxsso topology.

4. changed knoxsso.redirect.whitelist.regex property in knoxsso topology to support new host.

I am able to open ranger UI after above changes :).

Re: KNOX SSO ambari login redirect Issue

New Contributor

Check whether the time is in sync between knox server and ambari server. Check whether ntp service is running in both the machines

Re: KNOX SSO ambari login redirect Issue

@soumya swain

I have created article for Ambari SSO - you can review and check that to see if that helps. https://community.hortonworks.com/articles/212005/steps-to-enable-knox-sso-for-ambari-1.html