Configure Knox SSO with DLM

If you have the DLM Engine on the cluster, you must take additional steps to set up your Knox SSO configuration.

You will perform this DLM Engine Knox SSO setup on your clusters after you perform the DPS Installation. Refer to DPS Installation for more information.

Export the Knox certificate:
1. From the Knox Gateway machine, run the following command: $JAVA_HOME/bin/keytool -export -alias gateway-identity -rfc -file <cert.pem> -keystore /usr/hdp/current/knox-server/data/security/keystores/gateway.jks
2. When prompted, enter the Knox master password.
3. Remember the location where you save the cert.pem file.
Enable the Knox SSO topology settings:
1. From Ambari > DLM Engine > Configs > Advanced > Advanced beacon-security-site, click the checkbox beside beacon.sso.knox.authentication.enabled.
2. Set beacon.sso.knox.provideurl to https://<knox-host>:8443/gateway/knoxsso/api/v1/websso.
3. Copy the contents of the PEM file exported in Step 1 to beacon.sso.knox.publicKey
  Ensure the certificate headers are not copied.
4. Click Save and click through the confirmation pop-ups.
5. Restart DLM Engine.
6. Select Actions > Restart All Required to restart all other services that require a restart.