Configuring Proxy with Apache Knox
Also available as:
loading table of contents...

Configuring an Authentication Provider

An overview of authentication providers, to help you choose the right one for your environment.

There are two types of providers supported in Knox for establishing a user’s identity:
  • Authentication Providers

  • Federation Providers

Authentication providers directly accept a user’s credentials and validates them against some particular user store. Federation providers, on the other hand, validate a token that has been issued for the user by a trusted Identity Provider (IdP).

Authentication Providers

Providers have a name-value based configuration. There are different authentication providers:
  • Anonymous

    Used by Knox to let the proxied service or UI do its own authentication.

  • LDAP

    For LDAP/AD authentication with username and password. No SPNEGO/Kerberos support.


    For SPNEGO/Kerberos authentication with delegation tokens. No LDAP/AD support.

  • PAM

    For PAM authentication with username and password, via ShiroProvider.

Federation Providers

There are different federation providers:
  • HeaderPreAuth

  • SSOCookieProvider

  • JWT

  • Pac4j