Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Knox SSO for Ambari Problem

Labels:
avatar
author-rank tancy
Explorer

Created ‎04-22-2021 04:51 AM

knox version:1.0.0

ambari version:2.7.5

Knox SSO SAML for Ambari have a prompt:

 

Spoiler
For single sign-on, make sure that Knox Gateway and Ambari Server are located on the same host or subdomain.
Alternatively login as an Ambari local user using the local login page.
http://example.com:8080/#/login/local

ambari-server log:

 

微信截图_20210422192818.png

 

knox config

111.png2222.png

 

 

ambari setup-sso reference:

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.0/configuring-knox-sso/content/sso_set_up_knox_s...

 

Thank you very much for your reply!

 

1,728 Views
0 Kudos
0
4 REPLIES 4

avatar
author-rank Scharan author-rank
Master Collaborator

Created ‎04-22-2021 11:52 PM

@tancy  Can you confirm is Ambari is synced with ldap/Ad, if Ambari is not synced with ldap/Ad, sync the users and then try to login again

1,709 Views
0 Kudos

avatar
author-rank tancy
Explorer

Created ‎04-23-2021 02:21 AM

thank you, it is not synced with ldap/Ad and lgoin success. But i have a doubt that ambari authentication type include JWT, how can i sync the JWT to table 'user_authentication'

1,698 Views
0 Kudos

avatar
author-rank Scharan author-rank
Master Collaborator

Created ‎04-23-2021 04:22 AM

@tancy Once logged into Knox SSO, the UI service uses a cookie named hadoop-jwt. The Knox Token Service enables clients to acquire this same JWT token , you can check this jwt token in browser developer tools

 

Can you confirm are you trying with the local admin user 

1,689 Views
0 Kudos

avatar
author-rank tancy
Explorer

Created ‎04-23-2021 08:18 PM

Yes, it is exist a hadoop-jwt cookie and i tested with the local admin user. I debug this class AmbariJwtAuthenticationProvider follow:

微信截图_20210424110207.png

 

I only know sync the table ‘user_authentication’ with command sync-ldap, i can not find the way update authentication type JWT into the table 'user_authentication' 

1,676 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements