Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Setup group.principal.mappings in knox

Highlighted

Setup group.principal.mappings in knox

New Contributor

Hi folks, i'm trying to figure out how to correctly setup group.principal.mappings both for knox and zeppelin accessed by knox sso.

 

Knox SSO gateway is configured against external LDAP server to authenticate and grant access against group membership. 

 

<role>identity-assertion</role>

<name>Default</name>

<enabled>true</enabled>

<param>

<name>group.principal.mapping</name>

<value>LIN_ADMINS=admin</value>

</param>

 

I configured knoxJwtRealm in zeppelins shiro.ini with principal.mapping and group.principal.mapping, and created role admin. SSO works for zeppelin, however when i want to share my note with other members of group (eg by adding read permitions to the group), this doesn't work. I can only share with individuals. What i'm missing?

Don't have an account?
Coming from Hortonworks? Activate your account here