Configure Knox SSO

If you have the DLM Engine on the cluster, you must take additional steps to set up your Knox SSO configuration.

You will perform this DLM Engine Knox SSO setup on your clusters after you perform Dataplane installation. Refer to DP Installation for more information.

Export the Knox certificate:
1. From the Knox Gateway machine, run the following command: $JAVA_HOME/bin/keytool -export -alias gateway-identity -rfc -file <cert.pem> -keystore /usr/hdp/current/knox-server/data/security/keystores/gateway.jks
2. When prompted, enter the Knox master password.
3. Note the location path where you save the cert.pem file.
Enable the Knox SSO topology settings:
1. From Ambari > DLM Engine > Configs > Advanced > Advanced beacon-security-site, click the check-box beside beacon.sso.knox.authentication.enabled field.
2. Disable basic auth. From Ambari > DLM Engine > Configs > Advanced > Advanced beacon-security-site, uncheck the check-box beside beacon.basic.authentication.enabled field only in case of secured clusters. While using unsecured clusters, check the check-box beside beacon.basic.authentication.enabled field.
3. Set beacon.sso.knox.provideurl to https://<knox-host>:8443/gateway/knoxsso/api/v1/websso.
4. Copy the contents of the PEM file exported in Step 1 to beacon.sso.knox.publicKey
  Ensure the certificate headers are not copied.