Configure Knox SSO

If you have the DLM Engine on the cluster, you must take additional steps to set up your Knox SSO configuration.

You will perform this DLM Engine Knox SSO setup on your clusters after you perform the Dataplane installation. Refer to DP Installation for more information.

Export the Knox certificate:
1. From the Knox Gateway machine, run the following command: $JAVA_HOME/bin/keytool -export -alias gateway-identity -rfc -file <cert.pem> -keystore /usr/hdp/current/knox-server/bin/knoxcli.sh export-cert
2. When prompted, enter the Knox master password.
3. Note the location path where you save the cert.pem file.
Enable the Knox SSO topology settings:
1. From Ambari > DLM Engine > Configs > Advanced > Advanced beacon-security-site, click the checkbox beside beacon.sso.knox.authentication.enabled.
2. Disable basic auth. From Ambari > DLM Engine > Configs > Advanced > Advanced beacon-security-site, uncheck the checkbox beside beacon.basic.authentication.enabled only in case of secured cluster. While using unsecured clusters, check the check-box beside beacon.basic.authentication.enabled field..
3. Set beacon.sso.knox.provideurl to https://<knox-host>:8443/gateway/knoxsso/api/v1/websso.
4. Copy the contents of the PEM file exported in Step 1 to beacon.sso.knox.publicKey
  Ensure the certificate headers are not copied.