Management of existing Apache Knox shared providers

You can add, modify, or disable an existing shared provider configuration in Apache Knox via Cloudera Manager.

The following default shared provider configurations are deployed in CDP Private Cloud with Knox:
Table 1. Default shared provider configurations
Configuration Used by these topologies
admin admin
homepage homepage
knoxsso

homepage

cdp-proxy

manager

manager manager
metadata metadata
pam cdp-proxy-api
sso cdp-proxy
The following changes are allowed in any of these shared providers:
  • Disable a particular provider
  • Modify a particular provider
  • Add a new provider
All of these actions can be done via editing the Knox Gateway Advanced Configuration Snippet (Safety Valve) for conf/cdp-descriptors.xml by implementing the following language elements:
  • The key of a new entry should be like this: providerConfigs: providerConfig_1 [,providerConfig_2,..,providerConfig_3]
  • The value should contain the following name/value pairs separated by a hash (#) character:
    role=webappsec|authentication|federation|identity-assertion|authorization|hostmap|ha
    $role.name=ROLE_NAME (e.g. ShiroProvider)
    $role.enabled=true|false (optional; defaults to 'true')
    $role.param.param_1=value_1 (parameters are optional too)
    ...
    $role.param_N.param1=value_N