Support Questions

Find answers, ask questions, and share your expertise
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

Knox SSO not working for Ambari


Hello Team,

Our environment consist of Ambari-2.7 and HDP-3.1. We have synced AD/LDAP users in Ambari.

Using 'ambari-server setup-sso' command, we have setup KnoxSSO for Ambari. But when I login to ambari, it is successfully getting redirected to knox gateway and after i give credentials it goes to ambari ui and then coming back to knox gateway UI screen as shown below:107183-1552563617676.png

The gateway.log shows Authentication successful message but still its redirecting again to login page.

Here is the content of gateway.log file:

2019-03-14 11:26:06,049 DEBUG authc.BasicHttpAuthenticationFilter ( - Attempting to execute login with headers [Basic aGRwdXNlcjpSZWRoYXRAMTIz]
2019-03-14 11:26:06,066 DEBUG ldap.JndiLdapRealm ( - Authenticating user 'hdpuser' through LDAP
2019-03-14 11:26:06,066 DEBUG ldap.JndiLdapContextFactory ( - Initializing LDAP context using URL [ldap://] and principal [cn=hdpuser,ou=hdpcloud,dc=hdp,dc=com] with pooling disabled
2019-03-14 11:26:06,400 DEBUG realm.AuthenticatingRealm ( - Looked up AuthenticationInfo [hdpuser] from doGetAuthenticationInfo
2019-03-14 11:26:06,400 DEBUG credential.SimpleCredentialsMatcher ( - Performing credentials equality check for tokenCredentials of type [org.apache.shiro.crypto.hash.SimpleHash and accountCredentials of type [org.apache.shiro.crypto.hash.SimpleHash]
2019-03-14 11:26:06,401 DEBUG credential.SimpleCredentialsMatcher ( - Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
2019-03-14 11:26:06,401 DEBUG authc.AbstractAuthenticator ( - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - hdpuser, rememberMe=false (].  Returned account [hdpuser]
2019-03-14 11:26:06,401 DEBUG support.DefaultSubjectContext ( - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2019-03-14 11:26:06,402 DEBUG support.DefaultSubjectContext ( - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
2019-03-14 11:26:06,539 DEBUG servlet.SimpleCookie ( - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/gateway/knoxsso; Max-Age=0; Expires=Wed, 13-Mar-2019 11:26:06 GMT]
2019-03-14 11:26:06,539 DEBUG mgt.AbstractRememberMeManager ( - AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
2019-03-14 11:26:06,540 DEBUG realm.AuthorizingRealm ( - No authorizationCache instance set.  Checking for a cacheManager...
2019-03-14 11:26:06,557 INFO  realm.AuthorizingRealm ( - No cache or cacheManager properties have been set.  Authorization cache cannot be obtained.
2019-03-14 11:26:35,316 DEBUG authc.BasicHttpAuthenticationFilter ( - Authentication required: sending 401 Authentication challenge response.

Attached KnoxSSO file for reference.knoxsso.txt

How to resolve it? Please suggest.




New Contributor

Hi Bhusan,


I just landed on this page as i was looking for few things related to Knox SSO. 

Did you try setting the cookies to true?

If your issue has been resolved, let me know the solution.

New Contributor



Was the issue resolved. I am also facing the same issue and would be great to know how to resolve it



Did you get help with your knox?

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.