Support Questions

tancy · ‎04-22-2021

knox version:1.0.0

ambari version:2.7.5

Knox SSO SAML for Ambari have a prompt：

For single sign-on, make sure that Knox Gateway and Ambari Server are located on the same host or subdomain.
Alternatively login as an Ambari local user using the local login page.
http://example.com:8080/#/login/local

For single sign-on, make sure that Knox Gateway and Ambari Server are located on the same host or subdomain.Alternatively login as an Ambari local user using the local login page.http://example.com:8080/#/login/local

ambari-server log:

knox config

ambari setup-sso reference:

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.0/configuring-knox-sso/content/sso_set_up_knox_s...

Thank you very much for your reply!

Scharan · ‎04-22-2021

@tancy Can you confirm is Ambari is synced with ldap/Ad, if Ambari is not synced with ldap/Ad, sync the users and then try to login again

tancy · ‎04-23-2021

thank you, it is not synced with ldap/Ad and lgoin success. But i have a doubt that ambari authentication type include JWT, how can i sync the JWT to table 'user_authentication'

Scharan · ‎04-23-2021

@tancy Once logged into Knox SSO, the UI service uses a cookie named hadoop-jwt. The Knox Token Service enables clients to acquire this same JWT token , you can check this jwt token in browser developer tools

Can you confirm are you trying with the local admin user

tancy · ‎04-23-2021

Yes, it is exist a hadoop-jwt cookie and i tested with the local admin user. I debug this class AmbariJwtAuthenticationProvider follow:

微信截图_20210424110207.png

I only know sync the table ‘user_authentication’ with command sync-ldap, i can not find the way update authentication type JWT into the table 'user_authentication'

Cloudera Community

Support Questions

Knox SSO for Ambari Problem