nisha_menon16
Explorer

Re: KNOX OpenID with Pac4j to Azure AD

by New Contributor in Support Questions
‎11-28-2019 08:02 AM
‎11-28-2019 08:02 AM
Is there a way to update pac4j or Apache Knox in the existing installation? I'm using HDP 3.1.4 and it has Apache Knox 1.0.0 and pac4j 2.1.0. ... View more

Re: KNOX Pac4j connection via CURL

by Explorer in Support Questions
‎02-21-2018 06:53 AM
‎02-21-2018 06:53 AM
@Sandeep More, Nope this also didnt work. I tried: "Cookie" "CookieProvider", "Set-Cookie", "pac4j" etc. None of this seems to understand what is being passed to the callback URL. curl -ikH 'CookieProvider: pac4j.session.pac4jRequestedUrl=AAAACAAAABAAAACgKA1Sf1IwVCKgK0BhCk58OD4OXcA35fLo72qgxzeyoEBWPbqYHJgcYGtt2Fdrs6xTYeU6JMdfnGAG/jT5z+ovN6bJ09bvG4QCo7dpxOFML0ssI8C0AX6JIU/9FWu50IK/Z9FaRWRYmrFEdKRXnzvbhdXzq4uUDvWW2WfylAwgrh3o3jP3b9CqBBN9/ElI//VMrOWO1wTcQaX4a3qz5FxivxqJyu0/UPeo6IWYFILwVxJeKJkEMRvpXw==;Domain=localhost;Secure;HttpOnly' https://localhost:8442/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=IndirectBasicAuthClient Did you get it working with curl? As per the developer docs, https://svn.apache.org/repos/asf/knox/site/books/knox-0-9-0/dev-guide.html#KnoxSSO+Integration, the author does not confirm the results of the last curl passed with hadoop-jwt Cookie. Regards, Nisha ... View more

Re: Complete hadoop security with AD, Knox, Kerber...

by Cloudera Employee in Support Questions
‎11-24-2017 01:15 PM
‎11-24-2017 01:15 PM
@Nisha, If you want you use AD users system-wide for Hadoop, Knox and Ranger as well, you can think to configure Kerberos via AD itself, you can refer AD integration with Kerberos. Additionally you can configure Linux System service to use AD users and groups which can be then used configured in Hadoop as well. Please refer below articles: HDP-2.6 Security Labs Hadoop Group Mapping using LDAP/AD Setup SSSD for AD Hope this helps. ... View more

Re: Yarn queue limits don't apply

by Explorer in Support Questions
‎10-12-2017 08:18 PM
‎10-12-2017 08:18 PM
@gnovak @tuxnet Would resource sharing still work if ACLs are configured for separate tenant queues? If ACLs are different for Q1 and Q2, will it still support elasticity and preemption? Could you also please share the workload/application details that you used for these experiments? I am trying to run some experiments to do a similar test for elasticity and preemption of capacity schedulers. I am using a simple Spark word count application on a large file for the same, but I am not able to get a feel of resource sharing among queues using this application. Thanks in advance. ... View more

Re: spark-submit --proxy-user eror

by Explorer in Support Questions
‎04-05-2018 11:01 AM
‎04-05-2018 11:01 AM
@mqureshi I have a similar problem but in my case I dont want to create separate tickets for application users. My requirement is that all services in Hadoop should be accessed via KNOX as proxy user. Knox would have taken care of authentication seperately. So in my case all authenticated application users eg user1, user2 etc.. should be able to run jobs with knox proxy user. This link talks exactly of the same concept: https://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Superusers.html#Use_Case Here the idea is not to have seperate kerberos credentials for each individual application users. Any thoughts from your side, on what would be required for this? ... View more
Contact Me
Online
Offline
Last Visited
‎05-03-2018 07:25 AM
Public Statistics
Date Registered ‎10-11-2017 02:28 PM
Last Visited ‎05-03-2018 07:25 AM
Total Messages Posted 14
; ;