To sign out from the application (DAS Webapp) and the identity provider on secure
clusters, you need to create a KnoxSSO out topology in the Ambari console and configure the
knox_ssout_url through the Ambari UI.
This section can be used to configure the Knox SSO logout URL for both HA and non-HA
clusters.
-
SSH in to the Ambari console on which you have configured Knox as a root
user.
-
If you are configuring KnoxSSOUT for the first time, then you need to create a
KnoxSSO out topology called
knoxssout.xml
in the
/etc/knox/x.x.x.x-xx/0/topologies
directory.
If you have already configured KnoxSSOUT, then you can skip this step.
Add the following lines in the knoxssout.xml
file:
<?xml version="1.0"?>
<topology>
<gateway>
<provider>
<role>hostmap</role>
<name>static</name>
<enabled>true</enabled>
</provider>
</gateway>
<service>
<role>KNOXSSOUT</role>
</service>
</topology>
| Note |
---|
If you have configured Knox SSO for HA clusters, then you must create the
KnoxSSO out topology on all the Knox hosts. |
-
On the Ambari UI, go to and specify the Knox SSO logout URL in the
knox_ssout_url field in the following format:
https://{host}:{port}/{cluster-name}/{knox-sso-out-topo}/api/v1/webssout
Where,
knox-sso-out-topo
is the name of the KnoxSSO out
topology xml file that you created earlier. In this case, it is
knoxssout
.
The host and the port that you
specify here should be the same as those specified in the
knox_sso_url field.
To obtain the cluster_name, on the
Ambari UI, click and note the value from the Cluster
Name field.
If you have HA clusters, then
specify the host and the port of the load balancer pointing to the Knox
instance.
-
Click Save and click through the confirmation
pop-ups.
-
Restart DAS and any services that require restart by clicking .