Support Questions
Find answers, ask questions, and share your expertise

Setup group.principal.mappings in knox

New Contributor

Hi folks, i'm trying to figure out how to correctly setup group.principal.mappings both for knox and zeppelin accessed by knox sso.

 

Knox SSO gateway is configured against external LDAP server to authenticate and grant access against group membership. 

 

<role>identity-assertion</role>

<name>Default</name>

<enabled>true</enabled>

<param>

<name>group.principal.mapping</name>

<value>LIN_ADMINS=admin</value>

</param>

 

I configured knoxJwtRealm in zeppelins shiro.ini with principal.mapping and group.principal.mapping, and created role admin. SSO works for zeppelin, however when i want to share my note with other members of group (eg by adding read permitions to the group), this doesn't work. I can only share with individuals. What i'm missing?