Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Please help me understand how Knoxsso setup works?

Please help me understand how Knoxsso setup works?

New Contributor

I have been referring below docs for knoxsso setup:

- http://knox.apache.org/books/knox-0-13-0/dev-guide.html#KnoxSSO+Integration

- https://knox.apache.org/books/knox-0-11-0/user-guide.html#KnoxSSO+Setup+and+Configuration

I have a two node Hadoop cluster setup. My Knox gateway is running at same host as my cluster's namenode is running. I am also running Demo LDAP for authenticating as Knox user.

Now I am trying to access webhdfs via gateway by sending HTTP requests using curl but every time I have to specify username and password with the request. I believe KnoxSSO can help in this case but I am not yet clear about how it works.

Also, I am following the above-mentioned links for the KnoxSSO setup and I am not very clear about configuration setting in user's guide link -> "Participating Application Configuration - Hadoop Configuration Example". Why would we need this?

3 REPLIES 3
Highlighted

Re: Please help me understand how Knoxsso setup works?

Contributor

Hi @GN_Exp

Knox SSO providing WebSSO capabilities to the Hadoop cluster.
For now, HDP supports SSO for Ambari, Ranger, Atas. Means when you login into Ambari using Knox credentials, you can login into Ranger UI an Atlas UI without credentials on Web Console.
In Next major release we will be supporting All components for SSO, probably in HDP 3.0.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/knox_sso.html
Please let me know if you require any more info on Knox SSO.

Re: Please help me understand how Knoxsso setup works?

New Contributor
@Pravin Bhagade

Thanks for answering!

So does your answer implies that I have to provide credentials every time I request access to webdhdfs using curl commands.

Can I have a kerberoes authentication setup with the demo ldap to bypass credentials with each request?

Re: Please help me understand how Knoxsso setup works?

Contributor

It's similar to session maintenance in web - post login, browser receives a cookie which it sends with every request so that it's authenticity session is maintained. So, with knox it should be possible same way (if you can manage to send cookie with each request post the first one). Kerberos is another authentication mechanism so don't think adding the 2 together will help nullify one of it.