Installing DataPlane
Also available as:
PDF

Knox SSO with DPS

DPS Platform and the DPS Apps leverage Knox SSO to provide users and services with simplified and consistent access to clusters, data and other services. You must configure Knox SSO on the clusters you plan to use with DPS. You will perform this Knox SSO setup on your clusters after you perform the DPS Installation. Refer to DPS Installation for more information.

DPS authenticates users against a centralized identity provider in the organization (such as an LDAP or AD). Having Knox SSO setup with your clusters ensures that those users and services are authorized to perform specific actions on the respective clusters, and propagates the identity of the user or service from DPS to the cluster services. You must perform the Knox SSO setup on your clusters after you perform the DPS Installation.

Important
Important

The Knox SSO of your cluster must be configured to use the same LDAP/AD as your DP instance for user identity to match and propagate between the systems.

Minimally, your cluster requires a Knox SSO configuration to include the following cluster services: Ambari, YARN and HDFS. Refer to your specific DPS Apps documentation for any additional cluster services that may also be required to be configured in Knox SSO.

Refer to the following documentation on how to configure your cluster for Knox SSO:

Resource Documentation
Install Knox and enable in Ambari HDP Security Guide, Install Knox
Configure SSO topology HDP Security Guide, Identity Providers (IdP)
Configure Knox SSO for Ambari HDP Security Guide, ​Setting up Knox SSO for Ambari
Configure LDAP with Ambari Ambari Security Guide, Configuring Ambari Authentication with LDAP or Active Directory Authentication