If you have configured SAML to authenticate users, but your users are unable to log into
Hue using Single Sign On (SSO), then it is possible that the RSA key format is not supported. To
resolve this issue, you can use an unprotected private key and then specify the private key
filename in the safety valve.
-
Convert the
.key
file to an unprotected private key file by using the
following command:
openssl rsa -in /opt/cloudera/security/<file name>.key -out /opt/cloudera/security/<file name_unprotected>.key
openssl rsa -in /opt/cloudera/security/hadoop-cpi-prod.key -out /opt/cloudera/security/hadoop-cpi-prod_unprotected.key
-
Update the advanced configuration snippet as shown in the following example:
[libsaml]
xmlsec_binary=/usr/bin/xmlsec1
metadata_file=/opt/cloudera/security/saml/idp-openam-metadata.xml
key_file=/opt/cloudera/security/hadoop-cpi-prod_unprotected.key
cert_file=/opt/cloudera/security/hadoop-cpi-prod.pem