Support Questions
Find answers, ask questions, and share your expertise

Knox cluster SSO questions due to docs ambiguity

Knox cluster SSO questions due to docs ambiguity

I have an Ambari 2.7.3 install administering an HDP 3.1.0 + HDF 3.3.0 cluster, and am attempting to setup SSO within an Active Directory LDAP realm, but am having extreme difficulties. I am using these docs, but there are frustrating ambiguities:

My questions:

1) In the section "Configure Knox SSO for HDFS, Oozie, MapReduce2, Zeppelin, or YARN" the docs give directions containing $SSOPUBLICKEY and $SSOPROVIDERURL for HDFS...are those literals we should be inserting, or should we substitute the actual string PEM contents that we dumped from Knox previously or is it a path to a PEM file we should place somewhere on the host, and also is the other value a literal or should we subsitute that actual Knox URL? This is extremely confusing because the other services (i.e., Ooozie, Zeppelin, etc.) use different permutations if they are all the same thing.

2) To configure SSO are we editing the knoxsso-topology in Ambari, or is this done somehow in Knox in the descriptor (do't see how to add an Application), or do we edit the cluster topology manually on the Knox host? What is done with the default knoxsso-topology in Ambari if this is done in the cluster topology?

I'm sure I will have more questions later, but these are most troublesome currently, so thanks in advance to anyone who might be able to shed some light on what the heck is going in with this stuff... :)