I was able to resolve the "Invalid redirect" by adding knoxsso.redirect.whitelist.regex but when I enter AD credentials in the KnoxSSO page it keeps redirecting to the same login page. I could see below msgs in gateway.log 2024-05-10 09:04:16,722 DEBUG knox.gateway (AclsAuthorizationFilter.java:doFilter(105)) - Access Granted: true 2024-05-10 09:04:16,760 DEBUG knox.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /images/loading.gif 2024-05-10 09:04:16,761 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(133)) - PrimaryPrincipal: anonymous 2024-05-10 09:04:16,761 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(142)) - PrimaryPrincipal has access: true 2024-05-10 09:04:16,761 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(158)) - Remote IP Address:  2024-05-10 09:04:16,761 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(160)) - Remote IP Address has access: true 2024-05-10 09:04:16,762 DEBUG knox.gateway (AclsAuthorizationFilter.java:doFilter(105)) - Access Granted: true 2024-05-10 09:04:16,795 DEBUG knox.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /redirecting.jsp 2024-05-10 09:04:16,796 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(133)) - PrimaryPrincipal: anonymous 2024-05-10 09:04:16,796 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(142)) - PrimaryPrincipal has access: true 2024-05-10 09:04:16,797 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(158)) - Remote IP Address:  2024-05-10 09:04:16,797 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(160)) - Remote IP Address has access: true 2024-05-10 09:04:16,797 DEBUG knox.gateway (AclsAuthorizationFilter.java:doFilter(105)) - Access Granted: true 2024-05-10 09:04:20,773 DEBUG knox.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /images/loading.gif 2024-05-10 09:04:20,774 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(133)) - PrimaryPrincipal: anonymous 2024-05-10 09:04:20,775 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(142)) - PrimaryPrincipal has access: true 2024-05-10 09:04:20,775 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(158)) - Remote IP Address:  2024-05-10 09:04:20,775 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(160)) - Remote IP Address has access: true 2024-05-10 09:04:20,775 DEBUG knox.gateway (AclsAuthorizationFilter.java:doFilter(105)) - Access Granted: true 2024-05-10 09:04:20,916 DEBUG knox.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /api/v1/websso 2024-05-10 09:04:20,943 DEBUG knox.gateway (GatewayFilter.java:doFilter(116)) - Received request: GET /login.html 2024-05-10 09:04:20,944 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(133)) - PrimaryPrincipal: anonymous 2024-05-10 09:04:20,944 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(142)) - PrimaryPrincipal has access: true 2024-05-10 09:04:20,945 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(158)) - Remote IP Address:  2024-05-10 09:04:20,945 DEBUG knox.gateway (AclsAuthorizationFilter.java:enforceAclAuthorizationPolicy(160)) - Remote IP Address has access: true 2024-05-10 09:04:20,945 DEBUG knox.gateway (AclsAuthorizationFilter.java:doFilter(105)) - Access Granted: true   ... View more

@Scharan Thanks! I figured out the issue, following properties were not configured in hive-site hive.server2.authentication.spnego.keytab hive.server2.authentication.spnego.principal ... View more