Adding Knox IDBroker role

When accessing cloud storage in Cloudera, credentials are provided by Knox IDBroker, an identity federation solution that exchanges cluster authentication for temporary cloud credentials. Add the Knox IDBroker role to your cluster.

IDBroker is a REST API built as part of Apache Knox’s authentication services. It allows an authenticated and authorized user to exchange a set of credentials or a token for cloud vendor access tokens.

Perform the following steps to add the Knox IDBroker role to your cluster:

  1. Log in to Cloudera Manager with admin credentials.
  2. Go to the Knox service page.
  3. Select the Instances tab.
  4. Add the IDBroker role to the installed Knox service.
  5. Assign a host for the Knox IDBroker role.
  6. Select a host other than the one running the Knox Gateway role and click Continue.
  7. On the Review Changes page, update the IDBroker Master Secret password configuration to start the service.
  8. Click Continue.
  9. Restart only the Knox service from Knox > Actions > Restart.
  10. Deploy the client configuration for Knox from Cloudera Manager > Knox > Actions > Deploy Client Configuration.