Configure Apache Knox authentication for PAM
Knox authentication configurations for PAM in Cloudera Manager. PAM is the default SSO authentication provider in CDP Private Cloud.
SSO authentication for PAM
In CDP Private Cloud, Cloudera Manager
added a new Knox configuration, called
Knox Simplified Topology Management - SSO
Authentication Provider
, with the following initial configuration:
role=authentication
authentication.name=ShiroProvider
authentication.param.sessionTimeout=30
authentication.param.redirectToUrl=/${GATEWAY_PATH}/knoxsso/knoxauth/login.html
authentication.param.restrictedCookies=rememberme,WWW-Authenticate
authentication.param.urls./**=authcBasic
authentication.param.main.pamRealm=org.apache.knox.gateway.shirorealm.KnoxPamRealm
authentication.param.main.pamRealm.service=login
Every change here is applied to the knoxsso
topology that affects
manager
, homepage
and cdp-proxy
topologies as they are using the federation provider.API authentication for PAM
A new Knox configuration has been added for CDP Private Cloud, called
Knox Simplified Topology
Management - API Authentication Provider
, with the following initial
configuration:role=authentication
authentication.name=ShiroProvider
authentication.param.sessionTimeout=30
authentication.param.urls./**=authcBasic
authentication.param.main.pamRealm=org.apache.knox.gateway.shirorealm.KnoxPamRealm
authentication.param.main.pamRealm.service=login
Every change here is applied to
the admin, metadata,
and cdp-proxy-api
topologies.