
Knox - Issues/Clarifications needed for Integrating with custom IDP


Hi Team

I am trying to follow the Knox SSO documentation to integrate with our existing IdP, and there are a few things that are not very clear as to how we get those values, as the example shown uses the Knox page to log in. Our requirement is that whenever a user tries to access Ambari UI, Ranger UI, and Yarn, they need to be redirected to our IdP login page, where they are authenticated, and if they provide valid SSO details they will be able to access the landing pages of Ambari UI, Ranger, and Yarn.

1. When we run

ambari-server setup-sso

it asks you for the provider URL. Should we enter our IdP URL or the below?

For the provider URL, enter: https://<hostname>:8443/gateway/knoxsso/api/v1/websso.

2. Where do we use the Knox-generated cert in the below step?

Run the following CLI command to export the Knox certificate.

3. In the topology.xml, how do we generate the sp-metadata.xml? For the SP URL to be trusted by the IdP, we will need parameters such as EntityId, PartnerID, and Signing Cert for our IdP to register this on their end. How do we generate those details? I would appreciate it if you can provide the details.

<param>
    <name>saml.serviceProviderMetadataPath</name>
    <value>/tmp/sp-metadata.xml</value>
</param>
